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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Inventor(s) Axel SUSEN et al. 

Serial No. To Be Assigned 

Filed Herewith 

For METHOD FOR VERIFYING ACCESS 

AUTHORIZATION FOR VOICE TELEPHONY IN A 
FIXED NETWORK LINE OR MOBILE TELEPHONE 
LINE AS WELL AS A COMMUNICATIONS NETWORK 

Examiner : To Be Assigned 

Art Unit To Be Assigned 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

PRELIMINARY AMENDMENT 

SIR: 

Kindly amend the above-identified application before examination, as set 
forth below. 

IN THE TITLE : 

Please replace the title with the following: 
-METHOD FOR VERIFYING ACCESS AUTHORIZATION FOR VOICE 
TELEPHONY IN A FIXED NETWORK LINE OR MOBILE TELEPHONE LINE AS 
WELL AS A COMMUNICATIONS NETWORK-. 

IN THE SPECIFICATION : 

Please amend the specification, including abstract, pursuant to the 
attached substitute specification. Also attached is a red-lined copy of the 
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specification, indicating deleted and added sections. No new matter has been 
added. 

IN THE CLAIMS : 

Please cancel original claims 1-15 and revised claims 1-14 (filed in 
the underlying PCT application) without prejudice. 

Please add the following new claims: 

16. (New) A method of verifying access authorization for voice telephony for a 
fixed network line or a mobile telephone line, comprising: 

providing a first voice signal of a first subscriber placing a telephone call; 

analyzing the first voice signal via a voice recognition algorithm when one of 
(a) before a communication connection between the first subscriber and a second 
subscriber is established and (b) after the communication connection between the 
first subscriber and the second subscriber is established, and if the analyzing 
begins after the communication connection between the first subscriber and the 
second subscriber is established then the first voice signal and a second voice 
signal of the second subscriber continue to be relayed; 

comparing the first voice signal with a voice reference data record to 
determine an identity of the first subscriber; 

determining if the first voice signal is in the voice reference data record and 
if the first voice signal is not in the voice reference data record then at least one 
communication effect occurs, the at least one communication effect including not 
establishing the communication connection, automatically interrupting the 
communication connection and generating an alarm in the communication 
connection; 

recording the first voice signal before and after a communication connection 
to the second subscriber is established; 

assigning the voice reference data record to the fixed network line or the 
mobile telephone line; and 
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recording a voice sample of the first subscriber and the second subscriber at 
regular time intervals during the communication connection and checking the first 
and second voice signals with the voice reference data record. 

17. (New) The method of claim 16, wherein the voice reference data record 
contains reference voice samples corresponding to at least one specific spoken 
word, and the voice recognition algorithm analyzes a recorded voice signal with the 
reference voice samples for a match within a determined tolerance range. 

18. (New) The method of claim 16, wherein the voice reference data record 
corresponds to a reference speech pattern independent of semantic content and 
characteristic of a person, and the voice recognition algorithm creates a 
corresponding speech pattern from the recorded voice signal by statistically 
analyzing the recorded voice signal, the corresponding speech pattern being 
compared with the reference speech pattern. 

19. (New) The method of claim 18, wherein the reference speech pattern is 
characteristic of a specific frequency distribution of spoken language by the 
person. 

20. (New) The method of claim 16, wherein the reference data record is assigned 
to a PBX line of a private branch exchange. 

21. (New) The method of claim 16, wherein the recorded voice signal is recorded 
during a predetermined time interval after the initiation of the communication 
connection, and the recording is terminated at a conclusion of the communication 
connection. 

22. (New) The method of claim 16, wherein the recorded voice signal is stored in 
an intermediate memory, and further comprising erasing the recorded voice signal 
stored in the intermediate memory if the recorded voice signal is determined as 
matched with the reference data record, and continuing to store the recorded voice 
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signal if the recorded voice signal is determined as not-matched with the reference 
data record. 

23. (New) The method of claim 16, wherein the method is actuated only at at least 
one of a predetermined time of day, a predetermined time of month, and a 
predetermined call destination, and the communication connection cannot be 
established during at least one of a time outside the predetermined time of day, a 
time outside of the predetermined time of month, and a call destination outside of 
the predetermined call destination. 

24. (New) The method of claim 16, further comprising assigning a predetermined 
authorization code to the fixed network line or the mobile telephone line and if the 
first subscriber enters the predetermined authorization code before the 
communication connection is established then the method is not actuated, the first 
subscriber entering the predetermined authorization code by at least one of an 
acoustic signal and via a key pad. 

25. (New) The method of claim 16, further comprising recording an amount of an 
attempt of unauthorized access of the fixed network line or the mobile telephone 
line and blocking the access of the fixed network line or the mobile telephone line if 
the amount of the attempt of unauthorized access is equal to or larger than a 
predetermined maximum attempt value within a predetermined time interval. 

26. (New) A communication network comprising: 

a calling line and a called line, the calling line and the called line being at 
least one of a fixed network line and a mobile telephony line; 

a technical means for establishing a communication connection between the 
calling line and the called line; 

an accessing means for accessing a data line via which a first voice signal is 
at least partially transmitted between the calling line and the called line, the 
accessing means being configured to record the first voice signal transmitted by 
the calling line; 
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a memory in which a reference data record is stored, the reference data 
record containing a reference voice sample of a person having access 
authorization to the calling line; 

a control unit having a voice recognition unit configured to access the 
memory for the stored reference data record, analyze the recorded first voice 
signal using voice recognition algorithms, and determine if the first voice signal 
belongs to the person having access authorization to the calling line by comparing 
the recorded first voice signal with the stored reference data record, the control unit 
configured to initiate production of an interrupt signal to interrupt the 
communication connection if the voice recognition unit determines that the first 
voice signal does not belong to the person having access authorization to the 
calling line; 

if the voice recognition unit determines that the first voice signal does belong 
to the person having access authorization to the calling line then the accessing 
means records a voice sample at regular time intervals during the entire 
communication connection, the voice recognition unit determining whether the 
voice sample belongs to a person having access authorization to at least one of 
the calling line and the called line. 

27. (New) The communication network of claim 26, wherein the control unit and 
the memory are arranged within one of a telephone system and a private branch 
exchange, and the stored reference data record corresponds to at least one of a 
reference voice sample and a reference speech pattern of the person having 
access authorization to at least one of the calling line and the called line. 

28. (New) The communication network of claim 26, further comprising an 
exchange, the control unit and the memory being assigned to the exchange, the 
reference data record of the calling line is assigned to the exchange and stored in 
the memory, and the control unit causes the exchange to do at least one of 
generate a signal interrupting the communication connection and generate an 
alarm if the voice sample cannot be matched with the stored reference data record. 
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29. (New) The communication network of claim 26, further comprising a Service 
Control Point (SCP) of an intelligent network, the control unit and the memory 
being assigned to the Service Control Point, the control unit causing the Service 
Control Point to do at least one of generate a signal interrupting the communication 
connection and generate an alarm if the voice sample cannot be matched with the 
stored reference data record. 

30. (New) A mobile terminal for telecommunications, comprising: 

an accessing means for accessing a data line via which a voice signal is 
transmitted in electronic form and for recording the voice signal and an entered 
signal; 

at least one memory in which an at least one reference data record is 
stored, the at least one reference data record being assigned to a group of persons 
having an access authorization; 

at least one control unit having a voice recognition unit configured to access 
the at least one memory for the at least one reference data record and to analyze 
the recorded voice signal via a voice recognition algorithm and to determine the 
access authorization by comparing the recorded voice signal with the at least one 
reference data record, the at least one control unit effecting at least one of initiating 
production of an interrupt signal to interrupt the communication connection and 
initiating a shut-off of the terminal if the recorded voice signal does not match with 
the at least one of the at least one reference data record; and 

a sampling means for recording voice samples at regular time intervals 
during the entire communication connection, the at least one control unit 
determining whether the voice sample belongs to a person of the group of persons 
having access authorization. 

REMARKS 

This Preliminary Amendment cancels, without prejudice, original claims 1-15 
and the revised claims 1-14 in the underlying PCT Application No. 
PCT/EP99/06371 , and adds new claims 16-30. The new claims conform the 
claims to U.S. Patent and Trademark Office rules and do not add new matter to the 
application. 
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The amendments to the specification and abstract reflected in the 
substitute specification are to conform the specification and abstract to U.S. Patent 
and Trademark Office rules, and do not introduce new matter into the application. 

The underlying PCT Application No. PCT/EP99/06371 includes an 
International Search Report, dated December 20, 1999, a copy of which is 
included. The Search Report includes a list of documents that were considered by 
the Examiner in the underlying PCT application. 

The underlying PCT Application No. PCT/EP99/06371 also includes 
an International Preliminary Examination Report, dated December 13, 2000, a copy 
of which is included, including a translation. 

Applicants assert that the present invention is new, non-obvious, and 
useful. Prompt consideration and allowance of the claims are respectfully 
requested. 



Respectfully Submitted, 



KENYON & KENYON 





Richard L. Mayer 
Reg. No. 22,490 



One Broadway 
New York, NY 10004 
(212) 425-7200 
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VERFAHREN ZUR KONTROLLE DER ZUGANGSBERECHTIGUNG FOR DIE SPRACHTELEFONIE AN EINEM 
FESTNETZ- ODER MOB ILTELEFON ANSCHLUSS SOWIE KOMMUNIKATIONSNETZ 



The invention relates to a method for checking ac- 
cess authorisation at a fixed network or mobile telephone 
connection and to a communications network which 
checks access authorisation in this way. According to the 
invention, access authorisation is checked by analysis of 
a voice signal provided by the subscriber before or during 
an ongoing conversation. According to one variant, the 
voice signal is given in the form of a password before the 
connection is established. According to another variant, 
the voice and the subscriber are identified by analysing 
the voice signals which are also transmitted to the call 
recipient, so that the access check can be carried out in a 
concealed manner without hindering the flow of the con- 
versation. 

(57) Zusammenfassung 
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Die Erfindung betrifft ein Verfahren zur Kontrolle 
der Zugangsberechtigung fur die Sprachtelefonie an 
einem Festnetz- oder MobiltelefonanschluB sowie ein 
Kommunikationsnetz mit einer derartigen Zugangs- 
berechtigungskontrolle. Die Zugangsberechtigung wird 
erfindungsgemafi durch Analyse eines Sprachsignals, 
welches vor oder wahrend eines laufenden Gesprachs 
vom rufenden Teilnehmer eingegeben wurde, 

kontrolliert. In einer Variante wird das Sprachsignal als PaBwort vor dem Verbindungsaufbau eingegeben, in einer anderen Variante werden 
zur Spracherkennung und Teilnehmeridentifizierung diejenigen Sprachsignale untersucht, welche auch an den Kommunikationspartner 
ubertragen werden, so da8 eine verborgene, den normalen Gesprachsablauf nicht behindemde Zugangskontrolle moglich ist. 
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METHOD FOR VERIFYING ACCESS AUTHORIZATION FOR VOICE 
TELEPHONY IN A FIXED NETWORK LINE OR MOBILE TELEPHONE 
LINE AS WELL AS A COMMUNICATIONS NETWORK 

Technical Field 

The invention relates to a method for verifying access 
authorization for voice telephony in a fixed network line 
5 or mobile telephone line as well as a communications 

network having such access authorization verification. 

Background of the Invention 

10 In the case of private branch exchanges (PBXs) for 

telecommunications having a large number of extension 
stations used by different persons, but also in the case 
of mobile terminals, in other words, cell phones, there 
exists the problem of abuse by unauthorized third parties 

15 or by unauthorized employees of a company. For example, 

personal conversations are frequently held via PBX lines 
of large corporations at the employer's expense. 
Moreover, when telephone calls are made from a stolen or 
lost mobile telephone, the account of the lawful owner is 

20 always charged without the owner being able to directly 

prevent this. 

To prevent unauthorized use in private branch exchanges, 
methods are known in which the user of a terminal must 
25 enter an access code to be able to make an interoffice 

call and/or to dial specific outside numbers. In these 
methods, the subscriber enters a personal access code 
(PIN) via the keypad of the terminal, the access code 
being evaluated by the private branch exchange and 
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compared with a table of authorized names. This method 
also makes it possible to allocate the incurred charges 
to specific individuals. Once the subscriber's 
authorization has been established in this manner, the 
5 corresponding PBX line is enabled to establish an 

interoffice or long-distance connection. 

However, due to the additional time required, this method 
of entering a code before each call is very cumbersome 

10 and is not practicable for PBX lines from which many 

calls are made regularly, e.g., a secretary's office or a 
senior executive's office. For that reason, such lines 
are frequently exempted from the access verification so 
that any person can call from them at any time and the 

15 problem of unauthorized use persists. 

An additional known method is to detect unauthorized use 
after the fact by analyzing the call durations, the 
direction, and the subscriber called or the number 

20 called. For this purpose, the private branch exchange 

logs the calls made, the call destinations, call 
duration, and the associated PBX line. A similar 
verification takes place in the network management system 
of a public switched telephone network. For example, all 

25 calls lasting longer than a predetermined duration are 

checked for the call destination later or during the 
connection. An unauthorized use can be detected if the 
call destination cannot be assigned to a predetermined 
group of telephone numbers, which, for example, are 

30 assigned to the company's customers. Individual PBX lines 

such as those of senior executives can be exempted from 
checking for unauthorized use in this case also. 

However, even with this type of checking for unauthorized 
35 use, only 1 ine - specif ic determination of an unauthorized 
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use is possible. Those cases in which the same person 
improperly uses different terminals without authorization 
cannot be detected. Moreover, the unauthorized use can 
only be detected after the fact; an unauthorized call 
5 cannot be prevented. 

U.S. Patent 5,623,539 relates to a device and a method 
for monitoring a telephone connection for unauthorized 
use. For this purpose, voice samples of all of the 

10 persons who are authorized to use the telephone 

connection are stored. During a conversation conducted 
over the telephone connection, the transmitted voice data 
is tapped and broken down via suitable means into 
individual voice samples, each of the thus-obtained voice 

15 samples corresponding to the voice of one of the 

conversation participants. These voice samples taken from 
the telephone conversation are compared to the stored 
voice samples. The telephone connection is only accepted 
as authorized when a sufficient match between at least 

20 one of the stored voice samples and at least one of the 

voice samples obtained from the telephone conversation is 
determined . 

U.S. Patent 5,093,855 relates to a method and a device 
25 for speaker recognition in a telephone switching 

exchange, where tapped speech samples are supplied via 
the telephone line to the exchange, where they are 
compared to previously stored speech samples. If the 
speaker is recognized, a first signal is emitted, 
30 otherwise, a second signal is emitted. 

The publication "Speaker Identity Verification over 
Telephone Lines: Where we are and where we are going" by 
T.C. Feustel and G.A. Velius, International Carenaham 
35 Conference, Zurich 1989, addresses voice recognition and 
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the security, e.g., against unauthorized telephone use, 
that it can provide. In this context, the possibility to 
increase security by combining voice recognition and the 
use of passwords or PINs is also mentioned. 

5 

Technical Obj ect 

The object of the present invention is therefore to 
provide a method for verifying access authorization for 
10 voice telephony that does not hamper the normal use of 

telephones and permits direct detection of attempts at 
unauthorized use and prevents them if necessary. 

Summary of the Invention 

15 

The objective is achieved by a method for verifying 
access authorization for voice telephony in a fixed 
network or mobile telephone line by voice recognition 
according to Claim 1 . Advantageous further developments 

2 0 of the invention are the object of the dependent claims. 

According to the present invention, voice signals of the 
subscriber placing the call are recorded before or after 
the communication connection to the subscriber being 

25 called is set up. For example, the subscriber can be 

automatically prompted to acoustically provide a password 
after dialing the outside number, but before the 
connection is established. Alternatively, the voice 
signals are recorded during the course of the call, the 

30 voice signals of the subscriber placing the call being 

relayed concurrently to the subscriber called so that the 
communication is not disturbed. In both cases, the voice 
signal of the subscriber placing the call is analyzed by 
voice recognition algorithms and compared with a 

3 5 reference data record or several reference data records 



NY01 351717 v1 



4 



REVISED PAGES 



o ^ o Cji a .1. ^ „, y o ^ s. j ^ 



for purposes of assignment. The reference data record (s) 
is/are assigned to the fixed network line or mobile 
telephone line in an unambiguous manner; in particular, 
they define the group of persons having authorized 
5 access. According to the present invention, the 

communication connection is automatically disconnected or 
is not established and/or an alarm is triggered, if the 
recorded voice sample cannot be assigned to any reference 
data record. Otherwise, the communication connection is 
10 maintained or established in the customary manner. 

Preferably, voice recognition takes place after the start 
of the communication connection online, i.e., directly 
during the communication connection. As with line tapping 
15 by police or intelligence services, the voice signals of 

the subscriber placing the call are tapped from the data 
line and supplied to a voice recognition unit, which 
analyzes them online. The voice data is transmitted 
concurrently to the person called. If the voice 

2 0 recognition unit is able to make an assignment to a 

reference data record, the analysis of the voice signal 
is terminated, and the data processing capacity of the 
voice recognition unit is available for identifying 
additional callers . 

25 

As an alternative to voice recognition during the 
connection, the speaker can be assigned to a billing 
account before the connection is established as part of 
an authentication procedure that the speaker must 

3 0 undergo. In this case, the telephone user is requested to 

provide a voice sample, and the connection is only 
established once the voice sample has been identified and 
the speaker is identified as authorized. 

35 In addition to online voice recognition, the voice signal 
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of the subscriber placing the call can also be recorded 
and stored in intermediate memory as a voice sample. The 
stored voice sample is then analyzed during or after the 
communication connection . 

5' 

The method according to the present invention has the 
particular advantage that it is not necessary to perform 
the cumbersome action of entering a password manually 
before the communication connection is established, but 

10 rather access is established or maintained by voice 

control. When access authorization is verified after the 
connection has been established, the process takes place 
concurrently with the normal flow of the call; the 
participants do not notice the access verification, but 

15 rather they are able to talk over the telephone in the 

normal manner, thus saving time. The same voice signals 
that are transmitted to the person called are analyzed 
for voice recognition and subscriber identification. This 
does not interfere with the transmission of voice signals 

2 0 between the conversation participants. Thus, in 

principle, any connection can be monitored for 
unauthorized use without interfering with the normal flow 
of telephone conversation by additionally entering access 
codes . 

25 

Several possibilities for voice recognition are known and 
can be used to implement the present invention. There are 
voice recognition algorithms for recognizing semantic 
content of speech that compare an actual voice sample 

3 0 with an already stored voice sample corresponding to a 

specific spoken word. In this context, the stored voice 
sample corresponds, for example, to a spoken word whose 
text representation is also stored. By determining a 
correspondence between the actual and the stored voice 
35 sample, it is possible to assign a textual 
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representation, e.g., in the form of an ASCII 
representation, to the actual voice input, thus in 
principle making it possible to recognize the content of 
a voice message. Such voice recognition units are used, 
5 for example, for the voice control of computers and the 

like . 

Typically, the future user inputs the stored voice sample 
during a training phase. The typical result is that, even 
10 in this case, only the actual voice input of this user 

can be reliably recognized by the voice recognition, 
since even voice samples of different users that have the 
same semantic content vary due to individual speech 
patterns . 

15 

This principle can also be used in a refinement of the 
present invention to verify access authorization for a 
telephone line. In this connection, the reference data 
records are reference voice samples corresponding to 

20 specific words spoken by one person, e.g., typical 

greetings, the first or last name of a person having 
authorized access or other expressions which frequently 
occur in a telephone conversation. These voice samples 
are recorded in a training phase and stored in digital 

2 5 form in a memory as a reference data record. In order to 

implement the method, the voice recognition algorithms 
analyze the recorded voice data for the occurrence of 
fragments, i.e., individual words or expressions that 
match the reference voice sample within a specified 

30 tolerance range. In this connection, it is not the 

semantic content of the reference or of the actual voice 
signal that is of significance, but rather the individual 
speech pattern of the authorized and the calling persons 
which is expressed in a specific characteristic pattern 

35 of the reference voice sample. 
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For this reason, another preferred embodiment does not 
provide for the use of an actual word recognition system 
like the one described above, but rather for the analysis 
of the input voice signals for speech patterns that are 
5 characteristic of the user regardless of their semantic 

content. The specific intonation, voice register, 
dialect, and the like, which cause the voice of a person 
to appear nearly unique to the human ear, are manifested 
in characteristic features of a voice sample taken from 

10 this person, e.g., a specific frequency distribution, 

which can be used to identify this person by electronic 
means. Therefore, according to the present invention, 
reference speech patterns, e.g., frequency patterns or 
amplitude patterns, which are characteristic of one 

15 person, are stored as reference data records. For 

example, they are obtained by statistical analysis of a 
voice sample using a corresponding voice recognition 
algorithm. To identify the actual voice sample recorded 
during a call, the voice recognition algorithms then 

20 create a corresponding speech pattern by statistically 

analyzing the sample. In this connection, statistical 
analysis primarily refers to a frequency analysis in 
which the tone and voice register of the speaker can be 
identified; dynamic analysis refers to the dynamics of 

25 the voice signal, i.e., the amplitude characteristic and, 

accordingly, a specific intonation. Both methods are 
suitable for identifying a speaker. This speech pattern 
is then compared with the reference speech patterns. It 
is determined whether the characteristic features of both 

30 patterns agree. In creating the reference speech pattern 

from a reference voice sample, it is important that the 
same voice recognition algorithm be used with which the 
actual voice sample is analyzed. 

35 The advantage of this variant is that the analysis of the 
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individual speech patterns makes a significantly more 
accurate identification of the speaking person possible 
than the search for specific words which, although 
individually characterized, may not always be reliably' 
5 detectable due to the shortness of the words. The first 

variant is particularly suited for access verification by 
entering a specific spoken password, while the second 
variant is particularly suited for covertly verifying the 
access authorization during an ongoing call. 

10 

The reference data records correspond to the group of 
authorized persons, e.g., all the employees of a company 
who must make telephone calls as part of their work 
activity. The reference data records are stored, for 
15 example, in a table of authorized names. In this context, 

one person can be authorized only for selected telephone 
numbers or types of connections, or authorization can 
change as a function of the time of day. 

2 0 The method according to the present invention can 

advantageously prevent the use of terminals for the 
placement of toll calls by persons not belonging to this 
authorized group, while any authorized person can place 
calls from any PBX line of the company. 

25 

In an additional advantageous refinement of the present 
invention, the access authorization is further 
differentiated according to PBX lines. The reference data 
record or reference data records are unambiguously 

30 assigned to a PBX line of a private branch exchange. The 

reference data record or reference data records, in turn, 
define the group of authorized persons, in this case for 
a single PBX line. This makes it possible to prevent 
persons authorized per se from placing telephone calls 

35 from other terminals. This is important in the event that 
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individual lines are cleared for interoffice calls but 
not for long distance calls, while this limitation does 
not exist for other PBX lines. 

5 In the event of an access verification during the 

connection, the voice signals are tapped during a 
predetermined time interval, e.g., 30 to 60 seconds, the 
recording starting in particular immediately after the 
connection is established. The voice sample is already 
10 analyzed during the tapping or at the end of the time 

interval . 

For reasons of data security and privacy, the recorded 
and possibly buffered voice sample is erased after the 

15 voice recognition is completed, if it was possible to 

assign the sample to a reference data record. However, in 
the case of unauthorized use, i.e., no automatic 
assignment can be made to a reference data record and, 
accordingly, to an authorized person, the voice data 

2 0 preferably remains stored. It can then be used to 

identify the speaker. 

In order to keep the expense for verifying access 
authorization as low as possible, it is advantageous if 

25 the method is implemented only at certain times of the 

day and/or week and/or only via specific call 
destinations, e.g., only for long-distance connections. 
The fixed network or mobile telephone line in question, 
or individual PBX lines of a fixed network line are then 

30 completely blocked or completely cleared for connections 

outside of these time periods or for other call 
destinations . 

Moreover, it is provided that the access verification by 
35 voice recognition is not implemented if, before a 
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connection is established, the user enters a key 
combination, e.g., a PIN code or an acoustic signal, 
e.g., a sequence of MFC signals, and has his 
authorization verified via this access code. 

5 

An additional advantageous refinement of the present 
invention provides that the number of unauthorized access 
attempts is recorded and the line is blocked if more than 
a predetermined number of such attempts is detected 
10 within a predetermined time interval, e.g., one day or 

one hour. In addition, an alarm can first be triggered 
via the network management system, and an operator can be 
switched in. 

15 Furthermore, the objective is achieved by a communication 

network having a plurality of fixed network lines or 
mobile telephone lines, as well as technical means for 
establishing a communication connection between two or 
more lines of the same or of a different communication 

20, network, including: 

a) means that are capable of accessing a data line 
via which voice signals are at least partially 
transmitted from the calling line to the called 
line, and that are capable of recording a voice 

25 signal transmitted by the calling line; 

b) at least one memory in which reference data 
records are stored which are assigned to a 
group of persons having access authorization; 

c) at least one control unit having a voice 

3 0 recognition unit which is capable of accessing 

the memory for the reference data records, 
analyzing the tapped voice signal via voice 
recognition algorithms, and determining the 
access authorization of the subscriber placing 

35 the call by comparison with the reference data 
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records, the control unit initiating the 
production of a signal to disconnect the 
connection if the voice signal cannot be 
assigned to any of the reference data records, 
5 characterized in that voice samples are recorded at 

regular time intervals during the entire communication 
connection, and the speaker's authorization is checked at 
regular time intervals. 

10 In this context, a communication network is understood to 

be the totality of all lines including the exchanges or 
conversion stations and possibly data lines and other 
intelligent switching and transmission devices. The 
elements involved in the present invention can, however, 

15 be arranged in only a small part of the network, e.g,, in 

a private branch exchange. The communication network 
according to the present invention advantageously makes 
it possible to verify the access authorization of users 
of individual lines and accordingly to implement the 

2 0 method according to the invention. 

In order to be able to utilize the voice signals in a 
detected case of abuse, to identify the unauthorized 
caller or for offline voice analysis, the communication 

2 5 network preferably has at least one memory in which the 

recorded voice signals are stored in intermediate memory 
as voice samples. 

According to the present invention, the verification of 

3 0 access authorization within the communication network can 

take place at various points within the network. If the 
access authorization of users of a private branch 
exchange is to be verified, the control unit and the 
reference data memory or possibly the voice sample memory 
3 5 are preferably arranged within the private branch 
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exchange. The control unit is, for example, part of a 
data processing system that logs the connections made by 
the individual PBX lines, blocks individual PBX lines on 
a time -dependent basis or for specific call destinations, 
5 and possibly requests a PIN code. 

Alternatively, the control unit and the corresponding 
memory locations are able to be located outside the 
customer area in an exchange in the actual telephone 

10 network. In this case, the reference data of the lines 

assigned to the exchange is stored in the reference data 
memory. Preferably, the reference data is stored in a 
line-specific manner, so that an authorized group of 
persons is defined for each line and is checked by the 

15 exchange. If the control unit is unable to assign the 

voice sample to any of the reference data records, it 
causes the exchange to generate a signal disconnecting 
the connection. In this manner, a common control unit can 
be used to centrally verify the access authorization of 

20 users of a plurality of lines in the exchange without 

requiring a modification of the lines on the customer 
side . 

Access verification can be further centralized by 
2 5 assigning the control unit and the corresponding memory 

to an SCP (Service Control Point) of an intelligent 
network and by the control unit causing the SCP to 
generate a signal interrupting the connection if the 
voice sample cannot be assigned to any of the reference 
30 data records. The so-called intelligent network is an 

open communications network, which is built on the 
traditional telephone network and makes various telephone 
services having new features possible, for example, toll- 
free calling using specific numbers or reaching various 
35 offices of a corporation using a dial number that is 
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identical over a larger region. The central computer 
containing the required switching information is known as 
the SCP. The transition from a telephone network of one 
network provider to that of a different network provider 
5 is also accomplished using structures similar to an IN. 

In addition, the method according to the present 
invention can also be advantageously used to check the 
authorization of a mobile terminal user. 

10 

For this purpose, a mobile terminal for 
telecommunications is proposed, including: 

a) means that are capable of accessing a data 

15 line, via which voice signals are transmitted 

in electronic form, and of recording an entered 
signal and a voice signal; 

b) at least one memory in which at least one or 
more reference data records are stored which 

2 0 are assigned to a group of persons having 

access authorization ; 

c) at least one control unit having a voice 
recognition unit which is capable of accessing 
the memory for the reference data records, 

25 analyzing the tapped voice signal via voice 

recognition algorithms, and of determining the 
access authorization of the subscriber placing 
the call by comparison with the reference data 
records, the control unit initiating the 

30 production of a signal to disconnect the 

connection or causing the terminal to shut off 
if the voice signal cannot be assigned to any 
of the reference data records, 
characterized in that voice samples are recorded at 

35 regular time intervals during the entire communication 
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connection, and the speaker's authorization is checked at 
regular time intervals. 

The reference data record (s) is/are preferably stored on 
5 the chip of a mobile telephone card. The owner of the 

mobile telephone preferably provided the voice sample 
necessary for this purpose when purchasing the mobile 
telephone card. Therefore, a lost mobile telephone is, in 
principle, operable, but the mobile telephone card is 
10 only operable as a function of the correct speech 

pattern. This can prevent calls from continuing to be 
made on a lost mobile telephone at the owner's expense. 

Brief description of the drawing in which: 

Figure 1 schematically shows the sequence of 

operations of the method according to the 
present invention; 
Figure 2 shows an additional flowchart of the 

method according to the present invention; 
Figures 3-5 show examples of communication networks 

for implementing the method according to 
the present invention. 

25 The sequence of operations of the method according to the 

present invention is schematically shown in Figure 1. At 
the start of the method, subscriber A calls a destination 
number. The connection is established as soon as 
subscriber B answers. Typically, both subscribers begin 

3 0 to speak. The voice signals of subscriber A are 

automatically tapped and analyzed, the analysis lasting a 
predetermined time span, approximately 3 0 seconds to one 
minute. A interoffice trunk, via which the voice signals 
between both users are transmitted, is accessed without 

35 interfering with the transmitted signal, so that the 
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access verification does not affect the conversation. 

The voice signal of subscriber A is analyzed, i.e., 
compressed by voice recognition algorithms, the 
5 thus-produced speech pattern being compared with 

reference data records stored in a table of authorized 
names. If the actual voice signal can be assigned to one 
of the reference data records, then the subscriber is 
considered to be authorized and entitled to call. In this 
10 context, the table of authorized persons can refer 

specifically to the line as a whole or to a PBX line 
and/or it may be t ime- dependent . 

If subscriber A is approved, then the connection is 
15 maintained until the end of the call . In the simplest 

case, no additional check is made. To further increase 
security against abuse, the process is repeated at 
regular time intervals, i.e., the voice signal of 
subscriber A is analyzed again. 

20 

If the subscriber is identified as unauthorized, because 
his voice signal cannot be assigned to an entry in the 
table of authorized persons, the connection is 
interrupted in the simplest case by generating a 

2 5 interrupting signal or by briefly deactivating the 

terminal. In principle, it is possible to establish a new 
connection immediately after the connection is 
terminated . 

3 0 To counteract persistent attempts at unauthorized use, it 

is also possible to record the number of attempts at 
unauthorized use within a specific time interval and to 
set a critical value for the maximum number to be 
tolerated. If the number of attempts at unauthorized use 
35 exceeds this value, a total block of the line is 
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automatically initiated. The line can then only be 
enabled again after a specific waiting period or by the 
entering an enabling code. In addition, as in the case of 
a normal termination due to unauthorized use, an alarm 
5 signal can be produced at the telephone itself or at a 

PBX operator desk. 

Figure 2 shows an additional flowchart of the method 
according to the present invention. Before the method is 

10 initiated, all users of the telephone line to be 

protected against abuse enter voice samples into the 
system. The voice recognition unit or a speech pattern 
recognition system extracts the subscribers ' speech 
patterns and stores them, compressed by a voice 

15 recognition algorithm, in memory as reference data. The 

reference speech patterns are, thus, available for online 
recognition at the facilities of the network provider, in 
a private branch exchange, or on the calling card of a 
mobile telephone. 

20 

The process begins once a caller initiates a call from a 
telephone, the telephone connection is established by the 
network provider, and the telephone conversation is 
started. At the same time as the telephone call, the 
25 speech pattern recognition is initiated to determine the 

speech pattern of the caller. This speech pattern 
determined for the caller from the telephone call is 
compared with the reference stored for this line or on 
the calling card of a mobile telephone. 

30 

If a speech pattern is recognized, i.e., the actual voice 
signal matches a reference, the speech pattern 
recognition for this connection is discontinued, and the 
computer capacity can be used to analyze other calls. 
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If no speech pattern is recognized, the call is 
interrupted to protect the customer from financial loss. 
When a mobile telephone is used with a calling card, the 
call is always terminated. If necessary, the customer can 
5 be provided with a log of the attempt at unauthorized use 

in order to identify the person using the telephone 
without authorization . 



Figures 3 through 5 show three possibilities for 
10 implementing the method according to the present 

invention in a communications network. 



For this purpose, Figure 3A shows a private branch 
exchange (PBX) , which is connected to a public switched 

15 telephone network. The private branch exchange (PBX) has 

a plurality of extension stations, of which three are 
shown here. The access authorization of the users of the 
individual extension stations is to be monitored 
according to the present invention. For this purpose, an 

20 IP (intelligent peripheral) is assigned to the private 

branch exchange (PBX) , the IP being capable of accessing 
the telephone line via which signals are transmitted from 
one extension station to an additional line outside the 
private branch exchange, and of recording and storing the 

25 signals entered by the extension station user. In 

addition, the IP has a voice recognition unit that is 
capable of analyzing the recorded voice signal and 
comparing it with previously stored reference data 
records. In addition, the IP is also capable of accessing 

3 0 the reference data record memory. In this case, either 

specific reference data records are assigned to each 
extension station, the reference data records being 
assigned to the users of this extension station, or the 
table of authorized persons contains all potential users 

35 of the entire private branch exchange irrespective of the 
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actual PBX line . 



10 



If the IP cannot match the actual voice sample to any of 

the reference data records, it applies a suitable control 

signal to induce the private branch exchange (PBX) to 

generate a signal interrupting the connection. As a 

result, the connection of a PBX line to a user in the 

public switched telephone network via the private branch 
exchange is interrupted. 

Figure 3B shows an example for the implementation of 
person- specif ic assignment of charges by voice 
recognition in a private branch exchange. 

15 In the private branch exchange, in the case of procedural 

authentication, i.e., voice recognition before a 
connection is established, all calls originating from the 
terminals connected to PBX lines (ports 22 to 28) are 
redirected to one port (port 21 in the illustrated 

2 0 example) . This redirection is performed by the control 

unit of the private branch exchange. The relevant 
programs are stored, for example, in a memory module, an 
EEPROM in this case. A digital signal processor (DSP) 
having suitable voice recognition software and, 

25 optionally, voice recognition hardware is connected to 

port 21. If the identification is positive, it relays the 
signal to the private branch exchange via the customary 
control functions, i.e., either via the line, a V.24 
interface, or another management interface. The 

30 thus-verified calls are switched from the private branch 

exchange (PBX) to the interexchange trunk and form an 
outgoing call . The billing information for 

person-specific cost assignment is fed directly into the 
billing system. 

35 
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In the case of online recognition of the speaker, the 
call is already set up; however, as in the case of 
"bugging" a call, the call information is serially routed 
through the DSP. The DSP analyzes the speech without 
5 interfering with the transmission and relays 

corresponding information to the private branch exchange 
or the billing system. 

Figure 4A shows an arrangement of control unit IP 
10 corresponding to the arrangement of Figure 3A in an 

exchange. A connection from the subscriber line to an 
additional line in the public switched telephone network 
is established via this exchange. Physically and 
organizationally, the exchange is assigned to the 
15 subscriber line; however, it is not necessarily located 

in its immediate vicinity. Aside from the different 
physical arrangement of the IP, the access verification 
is performed here in the same manner as described above. 
The difference is that no intelligent devices for voice 
2 0 recognition and for speech storage need to be provided on 

the subscriber side, since these are centrally integrated 
in the exchange. 

Figure 4B shows an example for the implementation of 
25 access verification by voice recognition in an exchange 

of a telephone network. 

Voice recognition system IP can be implemented in a 
computer, for example in the form of a plug- in module in 
30 the exchange. Calls for which the speaker is to be 

identified are routed from the exchange through the IP. 

Voice recognition is implemented either in dialog form, 
i.e., an authentication procedure is executed as 
35 described above in Figure 3B, or else the voice is 
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recognized online. In the latter case, the speech pattern 
is checked during the conversation in progress and 
characteristics of the speech of speaking user A are 
compared with the stored patterns. In this case, the call 
5 is tapped, so to speak, by the IP without interfering 

with it . 

One possible structure for the authentication procedure 
is a dial-in into the DSP of the IP. For this purpose, 

10 the telephone channel is routed to an input of the IP. At 

this point, subscriber A is asked by the software of an 
intelligent voice response system to state his name or 
his identifier. After that, he is asked for his password 
or his personal identification number PIN. The data is 

15 compared with the identifier stored in memory, and the 

speech pattern is compared with the stored patterns 
either using frequency spectra or speech dynamics. In the 
dialog form, the implementation of voice recognition is 
very simple, since the identifier is made up of precisely 

20 defined words, which were previously entered. 

After authentication in the IP, the customer is directed 
to a menu that requests that he enter the desired 
telephone numbers. These are recorded as in conventional 

25 messaging or voice response systems, converted into pulse 

or MFC dialing information, and sent into the network, or 
they are relayed to the exchange as signals in the format 
of signaling system No. 7 (Common Channel Number 7, 
CCS7) . The exchange then initiates the connection to 

30 subscriber B. The use of CCS7 signals permits faster 

processing and more features, namely all those 
implemented in CCS7 and cleared for the IP. 

The information concerning the speaker, i.e., the 
35 identified reference data record, is sent as control 
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information to the exchange via the CCS7 , and generates 
an alarm in the network management system. The network 
management system can also generate a corresponding alarm 
message regarding call data records, so that the billing 
5 system also receives appropriate information. 

The speaker- identifying data records produced in this way 
are used for access verification; however, they can also 
be used for billing a call. The corresponding procedures 
10 are described in the flowcharts. 

When recognizing continuous speech, the system preferably 
concentrates on the essential characteristics of the 
language. To be sure, key words such as "good morning, 
15 hello," etc. can be considered in the entry procedure; 

however, in principle, it is necessary to store speaker- 
specific characteristics, irrespective of which language 
and with whom the user is speaking. For this purpose, the 
algorithm can use static methods such as frequency 

2 0 spectrum analysis, as well as dynamic speech 

characteristics . 

Figure 4C shows an additional example of the method 
according to the present invention implemented in an 

25 exchange. The subscriber unit (subscriber card) of 

subscriber A recognizes whether the subscriber has 
provided voice recognition for access verification. The 
central processing unit CPU of the exchange initiates the 
appropriate routing through the switching matrix, the 

30 actual switching unit. As a result, the call is not 

routed directly to subscriber B or to the next exchange, 
but rather it is first routed through an intelligent 
peripheral IP having a digital signal processor (DSP) . 
The output port of the IP is routed through the switching 

3 5 matrix to subscriber B or to the next exchange. 
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All control information and, accordingly, also the result 
of the voice recognition are compared in the exchange 
having the central processing unit CPU. 

5 The IP can also include several voice recognition units 

or DSPs and, thus, analyze several lines simultaneously. 
The information concerning the usage of the IP and 
concerning the analytical results is transmitted to the 
CPU. 

10 

Figure 5 shows the implementation of the method according 
to the present invention in the service control point SCP 
of an intelligent network. 

15 When implemented in the IN, the voice data is routed via 

an ISDN channel to voice recognition unit IP, which is 
located at the site of the SCP. Control information, for 
example, whether the calling line is using voice 
recognition for monitoring abuse, results from the voice 

2 0 analysis, and the like are then exchanged between the SCP 

and the service switching point SSP, which is located at 
the site of the exchange. 

Implementing the method according to the present 
25 invention in the centrally structured IN makes it 

possible to centrally implement voice-based abuse control 
over a large network area, i.e., a plurality of lines. 
This eliminates the need for expensive software and 
hardware equipment in the exchanges; only the IN must be 
30 adapted. This implementation is, therefore, suitable in 

particular for cases of low demand or in the introductory 
phase, i.e., it is not yet worthwhile to equip each 
exchange . 

35 Industrial Applicability 
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The present invention is suitable, in particular, for 
operators of communication networks to increase the 
security of voice telephony customers against abuse. 
Moreover, the present invention is particularly suitable 
5 for operators of private branch exchanges where the 

problem of unauthorized access is encountered on a 
regular basis . 
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Claims 

1. A method of verifying access authorization for voice 
telephony in a fixed network line or mobile 
telephone line, where 

before or after the communication connection to 
the subscriber being called is established, 
voice signals of the subscriber placing the 
call are analyzed via voice recognition 
algorithms and compared with a reference data 
record or several reference data records for 
purposes of assignment, the voice signals of 
the subscriber placing the call being relayed 
to the subscriber being called if the 
communication connection already exists; and 
if the voice signals cannot be assigned to a 
reference data record, the communication 
connection is not established or is 
automatically interrupted, and/ or an alarm 
signal is generated, 
characterized in that 

a) voice signals of the subscriber placing the 
call are recorded before or after the 
communication connection to the subscriber 
being called is established; 

b) the reference data record (s) is/are assigned to 
the fixed network line or mobile telephone line 
in an unambiguous manner; and 

c) voice samples are recorded at regular time 
intervals during the entire communication 
connection, and the speaker's authorization is 
checked at regular time intervals. 

2. The method as recited in Claim 1, characterized in 
that the reference data records are reference voice 
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samples corresponding to specific words spoken by a 
person, and the voice recognition algorithms analyze 
the recorded voice sample for the occurrence of 
parts that match the reference voice sample within a 
specified tolerance range. 

3. The method as recited in Claim 1 or 2 , characterized 
in that the reference data records correspond to 
reference speech patterns which are independent of 
semantic content and are characteristic of one 
person, e.g., of a specific frequency distribution 
of spoken language, and in that the voice 
recognition algorithms create a corresponding speech 
pattern from the recorded voice sample by 
statistically analyzing the latter, the 
corresponding speech pattern being compared with the 
reference speech patterns. 

4. The method as recited in Claim 1 or 2, characterized 
in that the reference data record (s) is/are assigned 
to a PBX line of a private branch exchange in an 
unambiguous manner . 

5. The method as recited in one of the preceding 
claims, characterized in that 

the voice sample is recorded during a predetermined 
time interval after the initiation of the 
communication connection, and the recording is 
terminated at the conclusion of the communication 
connection . 

6. The method as recited in one of the preceding 
claims, characterized in that 

the voice sample stored in intermediate memory is 
erased after the completion of step b) or after the 
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communication connection is terminated, provided the 
voice sample was able to be assigned to a reference 
data record, and otherwise continues to be stored. 

7. The method as recited in one of the preceding 
claims, characterized in that 

it is only implemented at predetermined times of the 
day and/or week and/or only for predetermined call 
destinations, the line being completely blocked or 
being completely cleared for connections outside of 
these times and/or for other call destinations. 

8. The method as recited in one of the preceding 
claims, characterized in that 

the method is not implemented if an access 
authorization is verified by entering a key 
combination (PIN code) and/or an acoustic signal 
\ before the start of the communication connection. 

9 . The method as recited in one of the preceding 
claims, characterized in that 

the number of attempts at unauthorized access is 
recorded, and the line is blocked if more than a 
predetermined number of such attempts is recognized 
within a predetermined time interval . 

10 . A communication network having a plurality of fixed 
network lines or mobile telephony lines, as well as 
technical means- for establishing a communication 
connection between two or more lines of the same or 
another communication network, including: 

a) means that are capable of accessing a data line 
via which voice signals are at least partially 
transmitted from the calling line to the called 
line, and that are capable of recording a voice 
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signal transmitted by the calling line; 

b) at least one memory in which reference data 
records are stored which are assigned to a 
group of persons having access authorization; 

c) at least one control unit having a voice 
recognition unit which is capable of accessing 
the memory for the reference data records, 
analyzing the tapped voice signal via voice 
recognition algorithms, and determining the 
access authorization of the subscriber placing 
the call by comparison with the reference data 
records, the control unit initiating the 
production of a signal to interrupt the 
connection if the voice signal cannot be 
assigned to any of the reference data records, 

characterized in that voice samples are recorded at 
regular time intervals during the entire 
communication connection, and in that the speaker's 
authorization is checked at regular time intervals. 

11. The communication network as recited in Claim 10, 
characterized in that the control unit and memory 
are arranged within a telephone system, a private 
branch exchange in particular, the stored reference 
data records corresponding to reference voice 
samples or reference speech patterns of individual 
extension station users having access authorization. 

12. The communication network as recited in Claim 10, 
characterized in that the control unit and memory 
are assigned to an exchange, the reference data of 
the lines assigned to the exchange being stored in 
the memory, and in that the control unit causes the 
exchange to generate a signal interrupting the 
connection, or an alarm if the voice signal cannot 
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be assigned to any of the reference data records. 

13. The communication network as recited in Claim 10, 
characterized in that the control unit and memory 
are assigned to an SCP (Service Control Point) of an 
intelligent network, and the control unit causes the 
SCP to generate a signal interrupting the 
connection, or an alarm if the voice sample cannot 
be assigned to any of the reference data records. 

14. A mobile terminal for telecommunications, including: 

a) means that are capable of accessing a data line 
via which voice signals are transmitted in 
electronic form and of recording an entered 
signal and a voice signal ; 

b) at least one memory in which at least one or 
more reference data records are stored which 
are assigned to a group of persons having 
access authorization; 

c) at least one control unit having a voice 
recognition unit which is capable of accessing 
the memory for the reference data records, 
analyzing the tapped voice signal via voice 
recognition algorithms, and of determining the 
access authorization of the subscriber placing 
the call by comparison with the reference data 
records, the control unit initiating the 
production of a signal to interrupt the 
connection or causing the terminal to shut off 
if the voice signal cannot be assigned to any 
of the reference data records, 

characterized in that voice samples are recorded at 
regular time intervals during the entire 
communication connection, and the speaker's 
authorization is checked at regular time intervals. 
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METHOD FOR VERIFYING ACCESS AUTHORIZATION FOR VOICE 
TELEPHONY IN A FIXED NETWORK LINE OR MOBILE TELEPHONE 
LINE AS WELL AS A COMMUNICATIONS NETWORK 



Field of the Invention 



The present invention relates to a method for verifying 
access authorization for voice telephony in a fixed 
5 network line or mobile telephone line as well as a 

communications network having such access authorization 
verification . 



Background of the Invention 

10 

In the case of private branch exchanges (PBXs) for 
telecommunications having a large number of extension 
stations used by different persons, but also in the case 
of mobile terminals such as cell phones, there exists the 

15 problem of abuse by unauthorized third parties or by 

unauthorized employees of a company. For example, 
personal conversations are frequently held via PBX lines 
of large corporations at the employer's expense. 
Moreover, when telephone calls are made from a stolen or 

2 0 lost mobile telephone, the account of the lawful owner is 

always charged without the owner being able to directly 
prevent this . 



To prevent unauthorized use in private branch exchanges, 

2 5 methods are known in which the user of a terminal must 

enter an access code to be able to make an interoffice 
call and/or to dial specific outside numbers. In these 
methods, the subscriber enters a personal access code 
(PIN) via the keypad of the terminal, the access code 

3 0 being evaluated by the private branch exchange and 

compared with a table of authorized names. This method 
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also makes it possible to allocate the incurred charges 
to specific individuals. Once the subscriber's 
authorization has been established in this manner, the 
corresponding PBX line is enabled to establish an 
5 interoffice or long-distance connection. 

However, due to the additional time required, this method 
of entering a code before each call is very cumbersome 
and is not practical for PBX lines from which many calls 
10 are made regularly, e.g., a secretary's office or a 

senior executive's office. For that reason, such lines 
are frequently exempted from the access verification so 
that any person can call from them at any time and the 
problem of unauthorized use persists. 

15 

An additional known method is to detect unauthorized use 
after the fact by analyzing the call durations, the 
direction, and the subscriber or the number called. For 
this purpose, the private branch exchange logs the calls 

20 made, the call destinations, call duration, and the 

associated PBX line. A similar verification takes place 
in the network management system of a public switched 
telephone network. For example, all calls lasting longer 
than a predetermined duration are checked for the call 

25 destination later or during the connection. An 

unauthorized use can be detected if the call destination 
cannot be assigned to a predetermined group of telephone 
numbers, which, for example, are assigned to the 
company's customers. Individual PBX lines such as those 

3 0 of senior executives can be exempted from checking for 

unauthorized use in this case also. 

However, even with this type of checking for unauthorized 
use, only line - specif ic determination of an unauthorized 
35 use is possible. Those cases in which the same person 

improperly uses different terminals without authorization 
cannot be detected. Moreover, the unauthorized use can 
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only be detected after the fact; an unauthorized call 
cannot be prevented. 

U.S. Patent 5,623,539 relates to a device and a method 
5 for monitoring a telephone connection for unauthorized 

use. For this purpose, voice samples of all of the 
persons who are authorized to use the telephone 
connection are stored. During a conversation conducted 
over the telephone connection, the transmitted voice data 

10 is tapped and broken down via suitable means into 

individual voice samples, each of the thus-obtained voice 
samples corresponding to the voice of one of the 
conversation participants. These voice samples taken from 
the telephone conversation are compared to the stored 

15 voice samples. The telephone connection is only accepted 

as authorized when a sufficient match between at least 
one of the stored voice samples and at least one of the 
voice samples obtained from the telephone conversation is 
determined . 

20 

U.S. Patent 5,093,855 relates to a method and a device 
for speaker recognition in a telephone switching 
exchange, where tapped speech samples are supplied via 
the telephone line to the exchange, where they are 
2 5 compared to previously stored speech samples. If the 

speaker is recognized, a first signal is emitted, 
otherwise, a second signal is emitted. 

The publication "Speaker Identity Verification over 
30 Telephone Lines: Where we are and where we are going" by 

T.C. Feustel and G.A. Velius, International Carenaham 
Conference, Zurich 1989, addresses voice recognition and 
the security, e.g., against unauthorized telephone use, 
that it can provide. In this context, the possibility to 
35 increase security by combining voice recognition and the 

use of passwords or PINs is also mentioned. 
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Summary of the Invention 

The present invention provides a method for verifying 
5 access authorization for voice telephony that does not 

hamper the normal use of telephones and permits direct 
detection of attempts at unauthorized use and prevents 
them if necessary. In particular, the method of the 
present invention provides a method for verifying access 
10 authorization for voice telephone in a fixed network or 

mobile telephone line by voice recognition. 

According to an embodiment of the present invention, 
voice signals of a subscriber placing a call are recorded 

15 before or after the communication connection to the 

subscriber being called is set up. For example, the 
subscriber can be automatically prompted to acoustically 
provide a password after dialing the outside number, but 
before the connection is established. Alternatively or in 

2 0 addition to this embodiment, the voice signals can be 

recorded during the course of the call, the voice signals 
of the subscriber placing the call being relayed 
concurrently to the subscriber called so that the 
communication is not disturbed. In both cases, the voice 

25 signal of the subscriber placing the call is analyzed by 

voice recognition algorithms and compared with a 
reference data record or several reference data records 
for purposes of assignment. The reference data record (s) 
is/are assigned to the fixed network line or mobile 

30 telephone line in an unambiguous manner; in particular, 

they define the group of persons having authorized 
access. According to the present invention, the 
communication connection can be automatically 
disconnected or not established and/or an alarm can be 

35 triggered, if the recorded voice sample cannot be 

assigned to any reference data record. Otherwise, the 
communication connection can be maintained or established 
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in the customary manner. 

In a further embodiment, the voice recognition can take 
place after the start of the communication connection 
5 online, i.e., directly during the communication 

connection. As with line tapping by police or 
intelligence services, the voice signals of the 
subscriber placing the call are tapped from the data line 
and supplied to a voice recognition unit, which analyzes 

10 them online. The voice data is transmitted concurrently 

to the person called. If the voice recognition unit is 
able to make an assignment to a reference data record, 
the analysis of the voice signal is terminated, and the 
data processing capacity of the voice recognition unit is 

15 available for identifying additional callers. 

As an alternative to voice recognition during the 
connection, the speaker can be assigned to a billing 
account before the connection is established as part of 
an authentication procedure that the speaker must 
undergo. In this case, the telephone user is requested to 
provide a voice sample, and the connection is only 
established once the voice sample has been identified and 
the speaker is identified as authorized. 

In addition to online voice recognition, the voice signal 
of the subscriber placing the call can also be recorded 
and stored in intermediate memory as a voice sample. The 
stored voice sample is then analyzed during or after the 
communication connection . 

In embodiments of the present invention, it is not 
necessary to perform the cumbersome action of entering a 
password manually before the communication connection is 
35 established, but rather access is established and/or 

maintained by voice control. When access authorization is 
verified after the connection has been established, the 
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process takes place concurrently with the normal flow of 
the call; the participants do not notice the access 
verification, but rather they are able to talk over the 
telephone in the normal manner, thus saving time. The 
5 same voice signals that are transmitted to the person 

called are analyzed for voice recognition and subscriber 
identification. This does not interfere with the 
transmission of voice signals between the conversation 
participants. Thus, in principle, any connection can be 
10 monitored for unauthorized use without interfering with 

the normal flow of telephone conversation by additionally 
entering access codes . 



Several possibilities for voice recognition are known and 
15 can be used to implement the present invention. There are 

voice recognition algorithms for recognizing semantic 
content of speech that compare an actual voice sample 
with an already stored voice sample corresponding to a 
specific spoken word. In this context, the stored voice 

2 0 sample corresponds, for example, to a spoken word whose 

text representation is also stored. By determining a 
correspondence between the actual and the stored voice 
sample, it is possible to assign a textual 
representation, e.g., in the form of an ASCII 
25 representation, to the actual voice input, thus in 

principle making it possible to recognize the content of 
a voice message. Such voice recognition units are used, 
for example, for the voice control of computers and the 
like. 

30 

Or, the future user inputs the stored voice sample during 
a training phase. Thus, only the actual voice input of 
this user may be reliably recognized by the voice 
recognition, since even voice samples of different users 

3 5 that have the same semantic content vary due to 

individual speech patterns . 
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This technique can also be used in a refinement of the 
present invention to verify access authorization for a 
telephone line. In this connection, the reference data 
records are reference voice samples corresponding to 
specific words spoken by one person, e.g., typical 
greetings, the first or last name of a person having 
authorized access or other expressions which frequently 
occur in a telephone conversation. These voice samples 
are recorded in a training phase and stored in digital 
form in a memory as a reference data record. In order to 
implement the method, the voice recognition algorithms 
analyze the recorded voice data for the occurrence of 
fragments, i.e., individual words or expressions that 
match the reference voice sample within a specified 
tolerance range. In this connection, it is not the 
semantic content of the reference or of the actual voice 
signal that is of significance, but rather the individual 
speech pattern of the authorized and the calling persons 
which is expressed in a specific characteristic pattern 
of the reference voice sample. 

Another embodiment of the present invention also provides 
for the analysis of the input voice signals for speech 
patterns that are characteristic of the user regardless 
of their semantic content. The specific intonation, voice 
register, dialect, and the like, which cause the voice of 
a person to appear nearly unique to the human ear, are 
manifested in characteristic features of a voice sample 
taken from this person, e.g., a specific frequency 
distribution, which can be used to identify this person 
by electronic means. Therefore, according to the present 
invention, reference speech patterns, e.g., frequency 
patterns or amplitude patterns, which are characteristic 
of one person, are. stored as reference data records. For 
example, they can be obtained by statistical analysis of 
a voice sample using a corresponding voice recognition 
algorithm. To identify the actual voice sample recorded 
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during a call, the voice recognition algorithms then 
create a corresponding speech pattern by statistically 
analyzing the sample. In this connection, statistical 
analysis primarily refers to a frequency analysis in 
5 which the tone and voice register of the speaker can be 

identified; dynamic analysis refers to the dynamics of 
the voice signal, i.e., the amplitude characteristic and, 
accordingly, a specific intonation. Both methods are 
suitable for identifying a speaker. This speech pattern 

10 is then compared with the reference speech patterns. It 

is determined whether the characteristic features of both 
patterns agree. In creating the reference speech pattern 
from a reference voice sample, the same voice recognition 
algorithm is used as that which with the actual voice 

15 sample is analyzed. 

In this embodiment of the present invention, the analysis 
of the individual speech patterns can make a 
significantly more accurate identification of the 

20 speaking person possible than the search for specific 

words which, although individually characterized, may not 
always be reliably detectable due to the shortness of the 
words. The first variant is particularly suited for 
access verification by entering a specific spoken 

25 password, while the second variant is particularly suited 

for covertly verifying the access authorization during an 
ongoing call. 

In a further embodiment, the reference data records 
30 correspond to the group of authorized persons, e.g., all 

the employees of a company who must make telephone calls 
as part of their work activity. The reference data 
records are stored, for example, in a table of authorized 
names. In this context, one person can be authorized only 
35 for selected telephone numbers or types of connections, 

or authorization can change as a function of the time of 
day . 
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The method according to the present invention can further 
prevent the use of terminals for the placement of toll 
calls by persons not belonging to this authorized group, 
while any authorized person can place calls from any PBX 
5 line of the company. 

In another embodiment of the present invention, the 
access authorization can further differentiated according 
to PBX lines. The reference data record or reference data 
records are unambiguously assigned to a PBX line of a 
private branch exchange. The reference data record or 
reference data records, in turn, define the group of 
authorized persons, in this case for a single PBX line. 
This makes it possible to prevent persons authorized per 
se from placing telephone calls from other terminals. 
This is useful in the event that individual lines are 
cleared for interoffice calls but not for long distance 
calls, while this limitation does not exist for other PBX 
lines . 

In the event of an access verification during the 
connection, the voice signals can be tapped during a 
predetermined time interval, e.g., 30 to 60 seconds, the 
recording starting in particular immediately after the 
connection is established. The voice sample is already 
analyzed during the tapping or at the end of the time 
interval . 

For reasons of data security and privacy, the recorded 
30 and possibly buffered voice sample is erased after the 

voice recognition is completed, if it was possible to 
assign the sample to a reference data record. However, in 
the case of unauthorized use, i.e., no automatic 
assignment can be made to a reference data record and, 
35 accordingly, to an authorized person, the voice data 

preferably remains stored. It can then be used to 
identify the speaker. 
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In order to keep the expense for verifying access 
authorization as low as possible , the method can be 
implemented only at certain times of the day and/or week 
5 and/or only via specific call destinations, e.g., only 

for long-distance connections. The fixed network or 
mobile telephone line in question, or individual PBX 
lines of a fixed network line are then completely blocked 
or completely cleared for connections outside of these 
10 time periods or for other call destinations. 

Moreover, it is provided that the access verification by 
voice recognition is not implemented if,, before a 
connection is established, the user enters a key 
15 combination, e.g., a PIN code or an acoustic signal, 

e.g., a sequence of MFC signals, and has his 
authorization verified via this access code. 

A further embodiment of the present invention provides 
20 that the number of unauthorized access attempts is 

recorded and the line is blocked if more than a 
predetermined number of such attempts is detected within 
a predetermined time interval, e.g., one day or one hour. 
In addition, an alarm can first be triggered via the 
2 5 network management system, and an operator can be 

switched in . 

A further embodiment of the present invention can involve 
a communication network having a plurality of fixed 

30 network lines or mobile telephone lines, as well as 

technical means for establishing a communication 
connection between two or more lines of the same or of a 
different communication network, including: 
a) means that are capable of accessing a data line via 

35 which voice signals are at least partially 
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transmitted from the calling line to the called 
line, and that are capable of recording a voice 
signal transmitted by the calling line; 

b) at least one memory in which reference data records 
5 are stored which are assigned to a group of persons 

having access authorization; and 

c) at least one control unit having a voice recognition 
unit which is capable of accessing the memory for 
the reference data records, analyzing the tapped 

10 voice signal via voice recognition algorithms, and 

determining the access authorization of the 
subscriber placing the call by comparison with the 
reference data records, the control unit initiating 
the production of a signal to disconnect the 
15 connection if the voice signal cannot be assigned to 

any of the reference data records, 
so that voice samples are recorded at regular time 
intervals during the entire communication connection, and 
the speaker's authorization is checked at regular time 
20 intervals. 

In this context, a communication network can be 
understood to be the totality of all lines including the 
exchanges or conversion stations and possibly data lines 

25 and other intelligent switching and transmission devices. 

The elements involved in the present invention can, 
however, be arranged in only a small part of the network, 
e.g., in a private branch exchange. The communication 
network according to the present invention advantageously 

30 makes it possible to verify the access authorization of 

users of individual lines and accordingly to implement 
the method according to the invention. 

In order to be able to utilize the voice signals in a 
35 detected case of abuse, to identify the unauthorized 
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caller or for offline voice analysis, the communication 
network may have at least one memory in which the 
recorded voice signals are stored in intermediate memory 
as voice samples. 

5 

According to the present invention, the verification of 
access authorization within the communication network can 
take place at various points within the network. If the 
access authorization of users of a private branch 

10 exchange is to be verified, the control unit and the 

reference data memory or possibly the voice sample memory 
can be arranged within the private branch exchange. The 
control unit can be, for example, part of a data 
processing system that logs the connections made by the 

15 individual PBX lines, blocks individual PBX lines on a 

time -dependent basis or for specific call destinations, 
and possibly requests a PIN code. 

Alternatively, the control unit and the corresponding 
2 0 memory locations can be located outside the customer area 

in an exchange in the actual telephone network. In this 
case, the reference data of the lines assigned to the 
exchange can be stored in the reference data memory. 
Preferably, the reference data is stored in a line- 
25 specific manner, so that an authorized group of persons 

is defined for each line and is checked by the exchange. 
If the control unit is unable to assign the voice sample 
to any of the reference data records, it causes the 
exchange to generate a signal disconnecting the 
30 connection. In this manner, a common control unit can be 

used to centrally verify the access authorization of 
users of a plurality of lines in the exchange without 
requiring a modification of the lines on the customer 
side . 
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Access verification can be further centralized by 
assigning the control unit and the corresponding memory 
to an SCP (Service Control Point) of an intelligent 
network and by the control unit causing the SCP to 
generate a signal interrupting the connection if the 
voice sample cannot be assigned to any of the reference 
data records. The so-called intelligent network is an 
open communications network, which is built on the 
traditional telephone network and makes various telephone 
services having new features possible, for example, toll- 
free calling using specific numbers or reaching various 
offices of a corporation using a dial number that is 
identical over a larger region. The central computer 
containing the required switching information is known as 
the SCP. The transition from a telephone network of one 
network provider to that of a different network provider 
is also accomplished using structures similar to an IN. 

In addition, the method according to the present 
invention can also be used to check the authorization of 
a mobile terminal user. For this purpose, a mobile 
terminal for telecommunications is proposed, including: 

a) means that are capable of accessing a data line, via 
which voice signals are transmitted in electronic 
form, and of recording an entered signal and a voice 
signal ; 

b) at least one memory in which at least one or more 
reference data records are stored which are assigned 
to a group of persons having access authorization; 
and 

c) at least one control unit having a voice recognition 
unit which is capable of accessing the memory for 
the reference data records, analyzing the tapped 
voice signal via voice recognition algorithms, and 
of determining the access authorization of the 
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subscriber placing the call by comparison with the 
reference data records, the control unit initiating 
the production of a signal to disconnect the 
connection or causing the terminal to shut off if 
5 the voice signal cannot be assigned to any of the 

reference data records, 
so that voice samples are recorded at regular time 
intervals during the entire communication connection, and 
the speaker's authorization is checked at regular time 
10 intervals. 



The reference data record (s) can be stored on the chip of 
a mobile telephone card. The owner of the mobile 
telephone can provide the voice sample necessary for this 

15 purpose when purchasing the mobile telephone card. 

Therefore, a lost mobile telephone is, in principle, 
operable, but the mobile telephone card is only operable 
as a function of the correct speech pattern. This can 
prevent calls from continuing to be made on a lost mobile 

2 0 telephone at the owner's expense. 



Brief Description of the Drawincrs 
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Figure 1 

Figure 2 
Figure 3a 
Figure 3b 
Figure 4a 
Figure 4b 



shows a schematic of the sequence of 
operations of an embodiment of the present 
invention; 

shows a flowchart of another embodiment of 
the present invention; 

shows a communication network used with an 

embodiment of the present invention; 

shows a communication network used with an 

embodiment of the present invention; 

shows a communication network used with an 

embodiment of the present invention; 

shows a communication network used with an 
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embodiment of the present invention; 



Figure 4c 



shows a communication network used with an 



embodiment of the present invention; and 



Figure 5 



show a communication network used with an 



embodiment of the present invention. 
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Detailed Description 

Figure 1 schematically shows a sequence of operations of 
an embodiment of the method of the present invention. At 
the start of the method, subscriber A calls a destination 
number. The connection is established as soon as 
subscriber B answers. Typically, both subscribers begin 
to speak. The voice signals of subscriber A are 
automatically tapped and analyzed, the analysis lasting a 
predetermined time span, approximately 3 0 seconds to one 
minute. A interoffice trunk, via which the voice signals 
between both users are transmitted, is accessed without 
interfering with the transmitted signal, so that the 
access verification does not affect the conversation. 

The voice signal of subscriber A is analyzed, i.e., 
compressed by voice recognition algorithms, the 
thus-produced speech pattern being compared with 
reference data records stored in a table of authorized 
names. If the actual voice signal can be assigned to one 
of the reference data records, then the subscriber is 
considered to be authorized and entitled to call. In this 
context, the table of authorized persons can refer 
specifically to the line as a whole or to a PBX line 
and/or it may be time-dependent. 

If subscriber A is approved, then the connection is 
maintained until the end of the carll . In the simplest 
case, no additional check is made. To further increase 
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security against abuse, the process is repeated at 
regular time intervals, i.e., the voice signal of 
subscriber A is analyzed again. 

5 If the subscriber is identified as unauthorized, because 

his voice signal cannot be assigned to an entry in the 
table of authorized persons, the connection is 
interrupted in the simplest case by generating a 
interrupting signal or by briefly deactivating the 
10 terminal. A new connection can be established immediately 

after the connection is terminated. 

To counteract persistent attempts at unauthorized use, it 
is also possible to record the number of attempts at 

15 unauthorized use within a specific time interval and to 

set a critical value for the maximum number to be 
tolerated. If the number of attempts at unauthorized use 
exceeds this value, a total block of the line is 
automatically initiated. The line can then only be 

20 enabled again after a specific waiting period or by the 

entering an enabling code. In addition, as in the case of 
a normal termination due to unauthorized use, an alarm 
signal can be produced at the telephone itself or at a 
PBX operator desk. 

25 

Figure 2 shows an additional flowchart of the method 
according to the present invention. Before the method is 
initiated, all users of the telephone line to be 
protected against abuse enter voice samples into the 

30 system. The voice recognition unit or a speech pattern 

recognition system extracts the subscribers' speech 
patterns and stores them, compressed by a voice 
recognition algorithm, in memory as reference data. The 
reference speech patterns are, thus, available for online 

35 recognition at the facilities of the network provider, in 
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a private branch exchange, or on the calling card of a 
mobile telephone. 

The process begins once a caller initiates a call from a 
5 telephone, the telephone connection is established by the 

network provider, and the telephone conversation is 
started. At the same time as the telephone call, the 
speech pattern recognition is initiated to determine the 
speech pattern of the caller. This speech pattern 
10 determined for the caller from the telephone call is 

compared with the reference stored for this line or on 
the calling card of a mobile telephone. 



If a speech pattern is recognized, i.e., the actual voice 
15 signal matches a reference, the speech pattern 

recognition for this connection is discontinued, and the 
computer capacity can be used to analyze other calls. 



If no speech pattern is recognized, the call is 
20 interrupted to protect the customer from financial loss. 

When a mobile telephone is used with a calling card, the 
call is always terminated. If necessary, the customer can 
be provided with a log of the attempt at unauthorized use 
in order to identify the person using the telephone 
25 without authorization. 



Figures 3 through 5 show three possibilities for 
implementing the method according to the present 
invention in a communications network. 

30 

For this purpose, Figure 3A shows a private branch 
exchange (PBX) , which is connected to a public switched 
telephone network. The private branch exchange (PBX) has 
a plurality of extension stations, of which three are 
35 shown here. The access authorization of the users of the 
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individual extension stations is to be monitored 
according to the present invention. For this purpose, an 
IP (intelligent peripheral) is assigned to the private 
branch exchange (PBX) , the IP being capable of accessing 
5 the telephone line via which signals are transmitted from 

one extension station to an additional line outside the 
private branch exchange, and of recording and storing the 
signals entered by the extension station user. In 
addition, the IP has a voice recognition unit that is 

10 capable of analyzing the recorded voice signal and 

comparing it with previously stored reference data 
records. In addition, ,the IP is also capable of accessing 
the reference data record memory. In this case, either 
specific reference data records are assigned to each 

15 extension station, the reference data records being 

assigned to the users of this extension station, or the 
table of authorized persons contains all potential users 
of the entire private branch exchange irrespective of the 
actual PBX line. 

20 

If the IP cannot match the actual voice sample to any of 
the reference data records, it applies a suitable control 
signal to induce the private branch exchange (PBX) to 
generate a signal interrupting the connection. As a 
25 result, the connection of a PBX line to a user in the 

public switched telephone network via the private branch 
exchange is interrupted. 

Figure 3B shows < an example for the implementation of 
30 person-specific assignment of charges by voice 

recognition in a private branch exchange. 



In the private branch exchange, in the case of procedural 
authentication, i.e., voice recognition before a 
35 connection is established, all calls originating from the 
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terminals connected to PBX lines (ports 22 to 28) are 
redirected to one port (port 21 in the illustrated 
example) . This redirection is performed by the control 
unit of the private branch exchange. The relevant 
programs are stored, for example, in a memory module, an 
EEPROM in this case. A digital signal processor (DSP) 
having suitable voice recognition software and, 
optionally, voice recognition hardware is connected to 
port 21. If the identification is positive, it relays the 
signal to the private branch exchange via the customary 
control functions, i.e., either via the line, a V.24 
interface, or another management interface. The 
thus-verified calls are switched from the private branch 
exchange (PBX) to the interexchange trunk and form an 
outgoing call. The billing information for 

person-specific cost assignment is fed directly into the 
billing system. 

In the case of online recognition of the speaker, the 
call is already set up; however, as in the case of 
"bugging" a call, the call information is serially routed 
through the DSP. The DSP analyzes the speech without 
interfering with the transmission and relays 
corresponding information to the private branch exchange 
or the billing system. 

Figure 4A shows an arrangement of control unit IP 
corresponding to the arrangement of Figure 3A in an 
exchange. A connection from the subscriber line to an 
additional line in the public switched telephone network 
is established via this exchange. Physically and 
organizationally, the exchange is assigned to the 
subscriber line; however, it is not necessarily located 
in its immediate vicinity. Aside from the different 
physical arrangement of the IP, the access verification 
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is performed here in the same manner as described above. 
The difference is that no intelligent devices for voice 
recognition and for speech storage need to be provided on 
the subscriber side, since these are centrally integrated 
5 in the exchange . 

Figure 4B shows an example for the implementation of 
access verification by voice recognition in an exchange 
of a telephone network. 

10 

Voice recognition system IP can be implemented in a 
computer, for example in the form of a plug- in module in 
the exchange. Calls for which the speaker is to be 
identified are routed from the exchange through the IP. 

15 

Voice recognition is implemented either in dialog form, 
i.e., an authentication procedure is executed as 
described above in Figure 3B, or else the voice is 
recognized online. In the latter case, the speech pattern 
2 0 is checked during the conversation in progress and 

characteristics of the speech of speaking user A are 
compared with the stored patterns. In this case, the call 
is tapped, so to speak, by the IP without interfering 
with it . 

25 

One possible structure for the authentication procedure 
is a dial-in into the DSP of the IP. For this purpose, 
the telephone channel is routed to an input of the IP. At 
this point, subscriber A is asked by the software of an 

30 intelligent voice response system to state his name or 

his identifier. After that, he is asked for his password 
or his personal identification number PIN. The data is 
compared with the identifier stored in memory, and the 
speech pattern is compared with the stored patterns 

35 either using frequency spectra or speech dynamics. In the 
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dialog form, the implementation of voice recognition is 
very simple, since the identifier is made up of precisely 
defined words, which were previously entered. 

5 After authentication in the IP, the customer is directed 

to a menu that requests that he enter the desired 
telephone numbers. These are recorded as in conventional 
messaging or voice response systems, converted into pulse 
or MFC dialing information, and sent into the network, or 

10 they are relayed to the exchange as signals in the format 

of signaling system No. 7 (Common Channel Number 7, 
CCS7) . The exchange then initiates the connection to 
subscriber B. The use of CCS7 signals permits faster 
processing and more features, namely all those 

15 implemented in CCS7 and cleared for the IP. 

The information concerning the speaker, i.e., the 
identified reference data record, is sent as control 
information to the exchange via the CCS7, and generates 

2 0 an alarm in the network management system. The network 

management system can also generate a corresponding alarm 
message regarding call data records, so that the billing 
system also receives appropriate information. 

25 The speaker- identifying data records produced in this way 

are used for access verification; however, they can also 
be used for billing a call. The corresponding procedures 
are described in the flowcharts. 

3 0 When recognizing continuous speech, the system preferably 

concentrates on the essential characteristics of the 
language. To be sure, key words such as "good morning, 
hello," etc. can be considered in the entry procedure; 
however, in principle, it is necessary to store speaker- 
35 specific characteristics, irrespective of which language 
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and with whom the user is speaking. For this purpose, the 
algorithm can use static methods such as frequency 
spectrum analysis, as well as dynamic speech 
characteristics . 

5 

Figure 4C shows an additional example of the method 
according to the present invention implemented in an 
exchange. The subscriber unit (subscriber card) of 
subscriber A recognizes whether the subscriber has 

10 provided voice recognition for access verification. The 

central processing unit CPU of the exchange initiates the 
appropriate routing through the switching matrix, the 
actual switching unit. As a result, the call is not 
routed directly to subscriber B or to the next exchange, 

15 but rather it is first routed through an intelligent 

peripheral IP having a digital signal processor (DSP) . 
The output port of the IP is routed through the switching 
matrix to subscriber B or to the next exchange. 

2 0 All control information and, accordingly, also the result 

of the voice recognition are compared in the exchange 
having the central processing unit CPU. 

The IP can also include several voice recognition units 
25 or DSPs and, thus, analyze several lines simultaneously. 

The information concerning the usage of the IP and 
concerning the analytical results is transmitted to the 
CPU. 

3 0 Figure 5 shows the implementation of the method according 

to the present invention in the service control point SCP 
of an intelligent network. 

When implemented in the IN, the voice data is routed via 
35 an ISDN channel to voice recognition unit IP, which is 
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located at the site of the SCP . Control information, for 
example, whether the calling line is using voice 
recognition for monitoring abuse, results from the voice 
analysis, and the like are then exchanged between the SCP 
5 and the service switching point SSP, which is located at 

the site of the exchange. 

Implementing the method according to the present 
invention in the centrally structured IN makes it 

10 possible to centrally implement voice-based abuse control 

over a large network area, i.e., a plurality of lines. 
This eliminates the need for expensive software and 
hardware equipment in the exchanges; only the IN must be 
adapted. This implementation is, therefore, suitable in 

15 particular for cases of low demand or in the introductory 

phase, i.e., it is not yet worthwhile to equip each 
exchange . 



The present invention is suitable, in particular, for 
20 operators of communication networks to increase the 

security of voice telephony customers against abuse. 
Moreover, the present invention is particularly suitable 
for operators of private branch exchanges where the 
problem of unauthorized access is encountered on a 
25 regular basis. 
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Abstract 

A method for verifying access authorization for voice 
telephony in a fixed network line or mobile telephone 
5 line, as well as a communications network having such 

access authorization verification are described. The 
access authorization is verified by analysis of a voice 
signal which was entered by the subscriber placing the 
call, before or during a call in progress. In one 

10 variant, the voice signal is entered as a password before 

the connection is established; in another variant, voice 
signals are analyzed for voice recognition and subscriber 
identification, the same voice signals also being 
transmitted to the person being called, making concealed 

15 access verification possible which does not hamper the 

normal flow of conversation. 



24 SUBSTITUTE SPECIFICATION 



O "7' !i:J €s ;B .1, c* ,„ O */' Q "3 O hi 

09/786819 

JC02 Rec'd PCT/PTO 0 9 MAR 2001 

[2345/147] 



METHOD FOR VERIFYING ACCESS AUTHORIZATION FOR VOICE 
TELEPHONY IN A FIXED NETWORK LINE OR MOBILE TELEPHONE 
LINE AS WELL AS A COMMUNICATIONS NETWORK 

[Technical ] 

Field of the Invention 



The present invention relates to a method for verifying 
access authorization for voice telephony in a fixed 
5 network line or mobile telephone line as well as a 

communications network fwithl havincr such access 
authorization verification . 



Background [ Information] of the Invention 



10 



[With] In the case of private branch exchanges (PBXs) for 
telecommunications having a large number of extension 
stations used by different persons, but also fwithl in the 
case of mobile terminals [, in other words , 1 such as cell 

15 phones, there exists the problem of abuse by unauthorized 

third parties or by unauthorized employees of a company. 
For example, personal conversations are frequently 
[carried on from] held via PBX lines of large corporations 
at the employer's expense. Moreover, when telephone calls 

2 0 are made from a stolen or lost mobile telephone [ or one 

that has otherwise gone astray] , the account of the 
lawful owner is always charged without the owner being 
able to directly prevent this. 

25 To prevent unauthorized use in private branch exchanges, 

methods are known in which the user of a terminal must 
enter an access code to be able to make an interoffice 
call and/or to dial specific outside numbers. In these 
methods, the subscriber [ ]_enters a personal access code 
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(PIN) via the keypad of the terminal, the access code 
being evaluated by the private branch exchange and 
compared with a table of authorized names. This method 
also makes [allocation of 1 it possible to allocate the 
5 incurred charges to specific individuals [ possible] . Once 

the subscriber's authorization has been established in 
this manner, the corresponding PBX line is enabled to 
establish an interoffice or long [-] ^distance connection. 

10 However, due to the additional time required, this method 

of entering a code before each call is very cumbersome 
and is not fpract icablel practical for PBX lines from 
which many calls are made regularly, e.g., a secretary's 
office or a senior executive's office [, due to the 

15 additional time required] . For that reason, such lines 

are frequently exempted from the access verification [, ] 
so that any person can call from them at any time and the 
problem of unauthorized use [continues to existl persists . 

20 An additional known method is to detect unauthorized use 

after the fact by analyzing the call durations, the 
direction^ and the subscriber [ called] or the number 
called. For this purpose, the private branch exchange 
logs the calls made, the call destinations, call 

25 duration^ and the associated PBX line. A similar 

verification takes place in the network management system 
of a public switched telephone network. For example, ■ all 
calls lasting longer than a predetermined duration are 
checked for the call destination later or during the 

3 0 connection. An unauthorized use can be detected if the 

call destination cannot be assigned to a predetermined 
group of telephone numbers^, which, for example, are 
assigned to the company's customers. Individual PBX lines 
such as those of senior executives can be exempted from 

35 checking for unauthorized use in this case also. 
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However, even with this type of checking for unauthorized 
use, only line [-] ^specif ic determination of an 
unauthorized use is possible. Those cases in which the 
same person improperly uses different terminals without 
5 authorization cannot be detected. Moreover, the 

unauthorized use can only be detected after the f act [ , 
while] j_ an unauthorized call cannot be prevented. 

[Technical Object 

10 

The object of thel U.S. Patent 5,623,539 relates to a 
device and a method for monitoring a telephone connection 
for unauthorized use. For this purpose, voice samples of 
all of the persons who are authorized to use the 

15 telephone connection are stored. During a conversation 

conducted over the telephone connection, the transmitted 
voice data is tapped and broken down via suitable means 
into individual voice samples, each of the thus -obtained 
voice samples corresponding to the voice of one of the 

2 0 conversation participants. These voice samples taken from 

the telephone conversation are compared to the stored 
voice samples. The telephone connection is only accepted 
as authorized when a sufficient match between at least 
one of the stored voice samples and at least one of the 

2 5 voice samples obtained from the telephone conversation is 

determined . 

U.S. Patent 5,093,855 relates to a method and a device 
for speaker recognition in a telephone switching 
3 0 exchange, where tapped speech samples are supplied via 

the telephone line to the exchange, where they are 
compared to previously stored speech samples. If the 
speaker is recognized, a first signal is emitted, 
otherwise, a second signal is emitted. 

35 
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The publication "Speaker Identity Verification over 
Telephone Lines: Where we are and where we are going " by 
T.C. Feustel and G.A. Velius, International Carenaham 
Conference, Zurich 1989, addresses voice recognition and 
5 the security, e.g., against unauthorized telephone use, 

that it can provide. In this context, the possibility to 
increase security by combining voice recognition and the 
use of passwords or PINs is also mentioned. 



Summary of the Invention 

The present invention [is therefore to ] provides, a method 
15 for verifying access authorization for voice telephony 

[which] that does not hamper the normal use of telephones 
and permits direct detection of attempts at unauthorized 
use and prevents them if necessary. [ 

2 0 Summary] In particular, the method of the [I] present 

invention [ 

The objective is achieved by] provides a method for 
verifying access authorization for voice telephon [y] e in 
25 a fixed network or mobile telephone line by voice 

recognition [ according to Claim 1. Advantageous further 
developments of the invention are the object of the 
dependent claims] . 

3 0 According to an embodiment of the present invention, 

voice signals of [the] a subscriber placing [the] a call 
are recorded before or after the communication connection 
to the subscriber being called [user ] is set up. For 
example, the subscriber can be automatically 
35 [requested] prompted to acoustically provide a password 
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after dialing the outside number^ but before the 
connection is [set up] established . Alternatively or in 
addition to this embodiment , the voice signals [are] can 
be recorded during the course of the call, the voice 
5 signals of the subscriber placing the call [er] being 

relayed concurrently to the subscriber called so that the 
communication is not disturbed. In both cases, the voice 
signal of the subscriber placing the call is analyzed by 
voice recognition algorithms and compared with a 

10 reference data record or several reference data records 

for purposes of assignment. The reference data record (s) 
is/are assigned to the fixed network line or mobile 
telephone line in an unambiguous manner; in particular, 
they define the group of persons having authorized 

15 access. According to the present invention, the 

communication connection [is] can be automatically 
[interrupted] disconnected or [ is] not established and/or 
an alarm [is] can be triggered, if the recorded voice 
sample cannot be assigned to any reference data record. 

20 Otherwise, the communication connection [is] can be 

maintained or established in the customary manner. 

[Preferably] In a further embodiment , the voice 
recognition can take Ts] place after the start of the 

25 communication connection online, i.e., directly during 

the communication connection. As with line tapping by 
police or intelligence services, the voice signals of the 
subscriber placing the call are tapped from the data line 
and supplied to a voice recognition unit, which analyzes 

30 them online. The voice data [are] is transmitted 

concurrently to the person called. If the voice 
recognition unit is able to make an assignment to a 
reference data record, the analysis of the voice signal 
is terminated^ and the data processing capacity of the 

35 voice recognition unit is available for identifying 
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additional callers . 

As an alternative to voice recognition during the 
connection, the speaker can be assigned to a billing 
5 account before the connection is established as part of 

an authentication procedure [which] that the speaker must 
undergo. In this case, the telephone user is requested to 
provide a voice sample^, and the connection is only 
established once the voice sample has been identified and 
10 the speaker is identified as authorized. 

In addition to online voice recognition, the voice signal 
of the subscriber placing the call can also be recorded 
and stored in intermediate memory as a voice sample. The 
15 stored voice sample is then analyzed [still ] during or 

after the communication connection. 

[The method according to] In embodiments of the present 
invention [ has the great advantage that before the 

20 communication connection is made] , it is not necessary to 

perform the cumbersome action of entering a password 
manu all y before the communication connection is 
established , but rather access is established [or] and/ or 
maintained by voice control. When access authorization is 

25 verified after the connection has been established, the 

process takes place concurrently with the normal flow of 
the call [, ]x the participants [noticing nothing of] do not 
notice the access verification, but rather they are able 
to talk over the telephone in the normal manner, thus 

30 saving time. The same voice signals that are transmitted 

to the person called are analyzed for voice recognition 
and subscriber identification. This does not interfere 
with the transmission of voice signals between the 
[call] conversation participants. Thus, in principle, any 

35 connection can be monitored for unauthorized use without 
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interfering with the normal flow of telephone 
conversation by [the ] additional [ entry of ] ly entering , 
access codes. 

5 Several possibilities for voice recognition are known and 

can be used to implement the present invention . There are 
voice recognition algorithms for [the recognition 
of 1 recognizing semantic content [which] of speech that 
compare an actual voice sample with an already stored 

10 voice sample [which corresponds] corresponding to a 

specific spoken word. [T] In this context, t he stored 
voice sample corresponds, for example, to a spoken word 
whose text representation is also stored. By determining 
a correspondence between the actual and the stored voice 

15 sample, it is possible to assign a textual 

representation, e.g., in the form of an ASCII 
representation, to the actual voice input, thus in 
principle making it possible to recognize the content of 
a voice message. Such voice recognition units are used, 

2 0 for example, for the voice control of computers and the 

like. 

[Typically] Or, the future user inputs the stored voice 
sample during a training phase. [The typical result is 
25 that, even in this case] Thus, only the actual voice input 

of [the ] this user [can] may be reliably recognized [ 
reliably] by the voice recognition, since even voice 
samples of different users that have the same semantic 
content vary due to individual speech patterns . 

30 

This [principle] technique can also be used in a 
refinement of the present invention to verify access 
authorization for a telephone line. In this connection, 
the reference data records are reference voice samples 

3 5 corresponding to specific words spoken by one person, 
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e.g., typical greetings, the first or last name of a 
person [with! having authorized access or other 
expressions which frequently occur in a telephone 
conversation. These voice samples are recorded in a 
5 training phase and stored in digital form in a memory as 

a reference data record. In order to implement the 
method, the voice recognition algorithms analyze the 
recorded voice data for the occurrence of fragments, 
i.e., individual words or expressions that match the 

10 reference voice sample within a specified tolerance 

range. In this connection, it is not the semantic content 
of the reference or of the actual voice signal that is of 
significance^ but rather the individual speech pattern of 
the authorized and the calling persons which is expressed 

15 in a specific characteristic pattern of the reference 

voice sample. 

[For this reason, a] Another [ preferred] embodiment [does 
not provide for the use of an actual word recognition 

20 system like the one described previously, but rather] of 

the present invention also provides for the analysis of 
the input voice signals for speech patterns that are 
characteristic of the user regardless of their semantic 
content. The specific intonation, voice register, 

25 dialect^ and the like, which cause the voice of a person 

to appear nearly unique to the human ear, are manifested 
in characteristic features of a voice sample taken from 
this person, e.g., a specific frequency distribution, 
which can be used to identify this person by electronic 

3 0 means. Therefore, according to the present invention, 

reference speech patterns, e.g., frequency patterns or 
amplitude patterns, which are characteristic of one 
person, are stored as reference data records. For 
example, they [are] can be obtained by statistical 

35 analysis of a voice sample using a corresponding voice 

-9- 



MARKED UP VERSION OF SPECIFICATION 



O J r a £n S 1, Q u O 7" a SI O £2 



recognition algorithm. To identify the actual voice 
sample recorded during a call, the voice recognition 
algorithms then create a corresponding speech pattern by 
statistical [ analysis of 1 lv analyzing the sample. In this 
5 connection, statistical [] analysis primarily refers to a 

frequency analysis in which the tone and voice register 
of the speaker can be identified; dynamic analysis refers 
to the dynamics of the voice signal, i.e., the amplitude 
characteristic and^ accordingly^ a specific intonation. 

10 Both methods are suitable for identifying a speaker. This 

speech pattern is then compared with the reference speech 
patterns. It is determined whether the characteristic 
features of both patterns agree. In creating the 
reference speech pattern from a reference voice sample, 

15 [it is important that ] the same voice recognition 

algorithm [be]i_s used fwithl as that which with the actual 
voice sample is analyzed. 

[The advantage] In this embodiment of [this variant is 
20 that] the present invention, the analysis of the 

individual speech patterns can make [s an essentially] a 
significantly more accurate identification of the 
speaking person possible than the search for specific 
words which, although individually characterized, may not 
25 always be reliably detectable due to the shortness of the 

words. The first variant is [suited in 

particular] particularly suited for access verification by 
entering a specific spoken password, while the second 
variant is [suited in particular] particularly suited for 
30 covertly verifying the access authorization during an 

ongoing call . 

fTl In a further embodiment, t he reference data records 
correspond to the group of authorized persons, e.g., all 
35 the employees of a company who must make telephone calls 
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as part of their work activity. The reference data 
records are stored, for example, in a table of authorized 
.names. [Q] In this context, o ne [person's authorization 
may apply] person can be authorized only [to] for selected 
5 telephone numbers or types of connections^ or 

authorization can change as a function of the time of 
day . 

The method according to the present invention can 
10 [advantageously] further prevent the use of terminals for 

the placement of toll calls by persons not belonging to 
this authorized group, while any authorized person can 
place calls from any PBX line of the company. 

15 In [an additional advantageous refinement] another 

embodiment of the present invention, the access 
authorization [is] can further differentiated according to 
PBX lines. The reference data record or [the ] reference 
data records are [assigned 1 unambiguously assigned to a 

2 0 PBX line of a private branch exchange. The reference data 

record or reference data records, in turn, define the 
group of authorized persons, in this case for a single 
PBX line. This makes it possible to prevent persons 
authorized per se from placing telephone calls from other 

25 terminals. This is [important] useful in 'the event that 

individual lines are cleared for interoffice calls but 
not for long distance calls, while this limitation does 
not exist for other PBX lines. 

30 In the event of an access verification during the 

connection, the voice signals [are] can be tapped during a 
predetermined time interval, e.g., 30 to 60 seconds, the 
recording starting in particular immediately after the 
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connection is established. The voice sample is already 
analyzed [ already] during the tapping or at the end of 
the time interval . 



5 [For long-term monitoring of the access authorization of 

the subscriber placing the call, it is further provided 
that the voice signals are analyzed at regular intervals 
during the connection and used to check the speaker's 
authorization at regular time intervals. In this manner, 
10 it is also possible to detect a change of speakers and 

interrupt the connection, if appropriate. 



] For reasons of data security and privacy, the recorded 
and possibly buffered voice sample is erased after the 

15 voice recognition is completed, if it was possible to 

assign the sample to a reference data record. However, in 
the case of unauthorized use, i.e., no automatic 
assignment can be made to a reference data record and, 
accordingly, to an authorized person, the voice data [is 

20 ] preferably [kept in storage] remains stored . It can then 

be used to identify the speaker. 



In order to keep the expense for verifying access 
authorization as low as possible, [it is advantageous if 

25 ] the method [is] can be implemented only at certain times 

of the day and/or week and/or only via specific call 
destinations, e.g., only for long [-] ^distance 
connections. The fixed network or mobile telephone line 
in question, or individual PBX lines of a fixed network 

30 line are then [totally] completely blocked or 

[totally] completely cleared for connections outside of 
these time periods or for other call destinations. 
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Moreover, it is provided that the access verification by 
voice recognition is not implemented if, before a 
connection is established, the user enters a key 
combination, e.g., a PIN code or an acoustic signal, 
5 e.g., a sequence of MFC signals, and has his 

authorization verified via this access code. 

A [n additional advantageous refinement] further 
embodiment of the present invention provides that the 
number of unauthorized access attempts is recorded and 
the line is blocked if more than a predetermined number 
of such attempts is detected within a predetermined time 
interval, e.g., one day or one hour. In addition, an 
alarm can first be triggered via the network management 
system^ and an operator can be switched in. 

[The object is furthermore attained by] A further 
embodiment of the present invention can involve a 
communication network [which may be a] having a plurality 
20 of, fixed network lines or [ a] mobile [telephony network. 

According to the present invention, the network has means 
which] telephone lines, as well as technical means for 
establishing a communication connection between two or 
more lines of the same or of a different communication 
2 5 network , including : 

a) means that are capable of accessing a data line via 
which voice signals are at least partially 
transmitted from the calling line to the called 
line^ and that are capable of recording a voice 

30 signal transmitted by the calling line [. Moreover, 

] j. 

b) at least one memory [■ is present] in which reference 
data records are stored which are assigned to a 
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group of persons having access authorization [ . 
Moreover , ] ; and 
c) at least one control unit having a voice recognition 
unit [is present, ] which is capable of accessing the 
memory for the [voice samples and the ] reference 
data records [ and] x analyzing the [stored! tapped 
voice [sample using] signal via voice recognition 
algorithms^ and determining the access authorization 
of the subscriber placing the call by [comparing 
them] comparison with the reference data records [ . In 
doing so] , the control unit [causes a signal which 
clears the connection or an alarm signal to be 
generated] initiating the production of a signal to 
disconnect the connection if the voice signal cannot 
be assigned to any [one ] of the reference data 
records., 

so that voice samples are recorded at regular time 
intervals during the entire communication connection, and 
the speaker's authorization is checked at regular time 
intervals . 

[A] In this context, a communication network [is] can be 
understood to be the totality of all lines 

[with] including the exchanges or conversion stations and 
possibly data lines and other intelligent switching and 
transmission devices. The elements involved in the 
present invention can, however, be arranged in only a 
small part of the network, e.g., in a private branch 
exchange. The communication network according to the 
present invention advantageously makes it possible to 
verify the access authorization of users of individual 
lines and accordingly to implement the method 

[of] according to the invention. 
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In order to be able to utilize the voice signals in a 
detected case of abuse, to identify the unauthorized 
caller or for offline voice analysis, the communication 
network [preferably] may ha [s] ve at least one memory in 
5 which the recorded voice signals are stored in 

intermediate memory as voice samples. 

According to the present invention, the verification of 
access authorization within the communication network can 

10 take place at various points within the network. If the 

access authorization of users of a private branch 
exchange is to be verified, [then ] the control unit and 
the reference data memory or possibly the voice sample 
memory [are preferably] can be arranged within the private 

15 branch exchange. The control unit [is] can be , for 

example, [ a] part of a data processing system [which] that 
logs the connections made [from] by the individual PBX 
lines, blocks individual PBX lines on a t ime [ - ] ^dependent 
basis or for specific call destinations, and possibly 

2 0 [queries for] requests a PIN code. [ ] 

Alternatively, the control unit and the corresponding 
memory locations [may] can be located outside the customer 
area in an exchange in the actual telephone network. In 

25 this case, the reference data of the lines assigned to 

the exchange fare] can be stored in the reference data 
memory. Preferably, the reference data is stored in a [re 
1 i ne - spec i f i c ] 1 i ne - spec i f i c manne r , so that an 
authorized group of persons is defined for each line and 

30 is checked by the exchange. If the control unit is unable 

to assign the voice sample to any of the reference data 
records, it causes the exchange to generate a signal 
[clearing] disconnecting the connection. In this manner, a 
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common control unit can be used to centrally verify the 
access authorization of users of a [large 
number] plurality of lines [centrally from] in the 
exchange [ , ] without requiring a modification of the lines 
5 on the customer side. 

Access verification can be further centralized [ , in that] 
by assigning the control unit and the corresponding 
memory [ are assigned] to an SCP (Service Control Point) 

10 of an intelligent network [, ] and [in that] by the control 

unit [induces] causing the SCP to generate a signal 
[clearing] interrupting the connection!,] if the voice 
sample cannot be assigned to any of the reference data 
records. The so [-] ^.called intelligent network is an open 

15 communications network , which is built on the traditional 

telephone network [ , which] and makes various telephone 
services [with] having new features possible, for example, 
toll [-]^free calling using specific numbers or reaching 
various offices of a corporation using a dial number 

20 [which] that is identical over a large [ territory] r 

region . The central computer containing the required 
switching information is known as the SCP . [Also, t]The 
transition from a telephone network of one network 
provider to that of a different network provider is also 

25 accomplished using structures similar to an IN. 

In addition, the method according to the present 
invention can also be used to check the authorization of 
a mobile terminal user. For this purpose, a mobile 
30 terminal [having the following features is proposed ] f or [ 

the] telecommunications is proposed, including : 
[ 

] a) [ Means are provided which] means that are capable 
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of accessing a data 
line, via which voice 
signals are 
transmitted in 
electronic form, and 
of recording an 
entered signal and a 
voice signal [ . ] j_ 

b) [ At] at least one memory [ is provided] in which at 

least one [reference data record ] or 
[several] more reference data records are 
stored [, ] which are assigned to a group of 
persons having access authorization [. ] ; and 

c) [ At] at least one control unit having a voice 

recognition unit [ is provided] which is capable 
of accessing the memory for the reference data 
records [ and] ^ analyzing the tapped voice 
signal via voice recognition algorithms, and of 
determining the access authorization of the 
subscriber placing the call by comparison with 
the reference data records, the control unit 
initiating the production of a signal to 
[clear] disconnect the connection or 
[disconnect] causing the terminal to shut off if 
the voice signal cannot be assigned to any of 
the reference data records^ 
so that voice samples are recorded at regular time 
intervals during the entire communication connection, and 
the speaker's authorization is checked at regular time 
intervals . [ ] 



The reference data record (s) [is/are preferably] can be 
stored on the chip of a mobile telephone card. The owner 
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of the mobile telephone [preferably] can provide [d] the 
voice sample necessary for this purpose when purchasing 
the mobile telephone card. [A] Therefore, a lost mobile 
telephone is [ thus], in principle, operable, but the 
5 mobile telephone card is only operable as a function of 

the correct speech pattern. This can prevent calls from 
|"being] continuing to be made on a lost mobile telephone 
at the owner [ ' ] J_s expense. 



Brief 


[d] Description of the [drawinq in which; 
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shows a schematic of the sequence of 
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operations of an embodiment of the present 
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3 0 embodiment of the present invention. 

Detailed Description 
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Figure 1 schematically shows [the] a sequence of 
operations of an embodiment of the method [according 
to] of the present invention [; 

Figure 2 shows an additional flowchart of the 

5 method according to the present invention; 

Figures 3-5 show examples of communication networks 

for implementing the method according to 
the present invention. 

10 The sequence of operations of the method according to the 

present invention is schematically shown in Figure 1.]^ 

At the start of the method, subscriber A calls a 
destination number. The connection is established as soon 
as subscriber B answers. [B] Typically, b oth subscribers 

15 begin to speak [ normally] . The voice signals of 

subscriber [s] A are automatically tapped and analyzed, 
the analysis lasting [ for] a predetermined time span, 
approximately 3 0 seconds to one minute. [Access to an] A 
interoffice trunk, via which the voice signals between 

2 0 both users are transmitted [ between both subscribers], 

[takes place] is accessed without 

[interference] interfering with the transmitted signal, so 
that the access verification does not affect the 
conversation . 

25 

The voice signal of subscriber A is analyzed, i.e., 
compressed by voice recognition algorithms, the 
thus -produced speech pattern [ thus produced] being 
compared with reference data records stored in a table of 
30 authorized names. If the actual voice signal can be 

assigned to one of the reference data records, then the 
subscriber is considered to be authorized and entitled to 
call. [T] In this context, t he table of authorized persons 
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can refer specifically to the line as a whole or to a PBX 
line [, ] and/or it may be time [ - ] ^dependent . 

If ["caller] subscriber A is approved, then the connection 
is maintained until the end of the call. In the simplest 
case, no additional check is made. [However, t] To further 
increase security against abuse, the process [can be] is 
repeated at regular time intervals, i.e., the voice 
signal of subscriber A is analyzed again. 

If the subscriber is identified as unauthorized, because 
his voice signal cannot be assigned to an entry in the 
table of authorized persons, the connection is 
interrupted in the simplest case by [the generation 
of] generating a [clearing] interrupting signal or by 
briefly deactivating the terminal [ for only a brief time. 
In principle, it is then possible to establish a new 
connection] . A new connection can be established 
immediately after the connection is 
[interrupted] terminated . 

To counteract persistent attempts at unauthorized use, it 
is also possible to record the number of attempts at 
unauthorized use within a specific time interval and to 
25 set a critical value for the maximum number to be 

tolerated. If the number of attempts at unauthorized use 
exceeds this value, a total block of the line is 
[initiated ] automaticall y initiated . The line can then 
only be enabled again after a specific waiting period or 
3 0 by the [entry of] entering an enabling code. In addition, 

as [with] in the case of a normal 

[interruption] termination due to unauthorized use, an 
alarm signal can be produced at the telephone itself or 
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at a PBX operator desk. 



Figure 2 shows an additional flowchart of the method 
according to the present invention. Before the method is 
5 initiated, all [subscribers] users of the telephone line 

to be protected against abuse enter voice samples into 
the system. The voice recognition unit or a speech 
pattern recognition system extracts the subscribers [']_!. 
speech patterns and stores them , [ after compressing them 

10 usingl compressed by a voice recognition algorithm, 

[stores them! in memory as reference data. The reference 
speech patterns are, thus, available for online 
recognition at the facilities of the network provider, in 
a private branch exchange, or on the calling card of a 

15 mobile telephone. 



The process begins once a caller initiates a call from a 
telephone, the telephone connection is established by the 
network provider, and the telephone conversation is 
20 started. [T] At the same time as the telephone call, t he 

speech pattern recognition is initiated [ simultaneously 
with the telephone call,] to determine the speech pattern 
of the caller. [ 



25 ]_This speech pattern determined for the caller from the 

telephone call is compared with the reference stored for 
this line or on the calling card of a mobile telephone. 



If a speech pattern is recognized, i.e., the actual voice 
3 0 signal matche [d] s a reference, the speech pattern 

recognition for this connection is discontinued!;]^ and 
the [respective ] computer capacity can be used to analyze 
other calls . 
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If no speech pattern is recognized, the call is 
interrupted to protect the customer from financial loss. 
When a mobile telephone is used with a calling card, the 
call is always terminated. If necessary, the customer can 
be provided with a log of the attempt at unauthorized 
use [ , ] in order to identify the person using the 
telephone without authorization. 

Figures 3 ftol through 5 show three possibilities for 
implementing the method according to the present 
invention in a communications network. 

For this purpose, Figure 3A shows a private branch 
exchange (PBX) ^ which is connected to a public switched 
telephone network. The private branch exchange (PBX) has 
a [large number 1 plurality of extension stations, of which 
three are shown here. The access authorization of the 
[subscribers] users of the individual extension stations 
is to be monitored according to the present [ ] invention. 
For this purpose, an IP (intelligent peripheral) is 
assigned to the private branch exchange (PBX) [. T] , >t he 
IP [is] being capable of accessing the telephone line [, ] 
via which signals are transmitted from one extension 
station to an additional line outside the private branch 
exchange [ are transmitted] , and of recording and storing 
the signals entered by the extension station 
[subscriber] user . In addition, the IP has a voice 
recognition unit [which] that is capable of analyzing the 
recorded voice signal and comparing it with previously 
stored reference data records. In addition, the IP is 
also capable of accessing the reference data record 
memory. In this case, either specific reference data 
records are assigned to each extension station, the 
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reference data records being assigned to the 
[subscribers! users of this extension station, or the 

table of authorized persons contains all potential 
[subscribers] users of the entire private branch 
5 exchange [ , ] irrespective of the actual PBX line. 

If the IP cannot match the actual voice sample to any of 
the reference data records, it applies a suitable control 
signal to induce the private branch exchange (PBX) to 
10 generate a signal [clearing] interrupting the connection. 

As a result, the connection of a PBX line to a 
[subscriber] user in the public switched telephone network 
via the private branch exchange is interrupted. 



15 Figure 3B shows an example for the implementation of 

person [-] ^specific assignment of charges by voice 
recognition in a private branch exchange. 



In the private branch exchange, in the case of procedural 
2 0 authentication, i.e., voice recognition before a 

connection is established, all calls originating from the 
terminals connected to PBX lines (ports 22 to 28) are 
redirected to one port (port 21 in the [example 
] illustrated example ) . This redirection is performed by 
2 5 the control unit of the private branch exchange. The 

relevant programs are stored, for example, in a memory 
module, an EE PROM in this case. A digital signal 
processor (DSP) having suitable voice recognition 
software and^_ optionally^ voice recognition hardware is 
30 connected to port 21. If the identification is positive, 

it remits] relays the signal [ for relay] to the private 
branch exchange via the customary control functions, 
i.e., either via the line, a V.24 interface^ or another 
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management interface. The [calls ] thus [ 1 -verified calls 
are switched from the private branch exchange (PBX) to 
the interexchange trunk and form an outgoing call. The 
billing information for person [-] ^specif ic cost 
5 assignment is fed directly into the billing system. 

In the case of online recognition of the speaker, the 
call is already set up; however, as [with] in the case of 
"bugging" [ of] a call, the call information is [routed 
10 ] serially [via] routed through the DSP. The DSP analyzes 

the speech without interfering with the transmission and 
relays corresponding information to the private branch 
exchange or the billing system. 

15 Figure 4A shows an arrangement of control unit IP 

corresponding to the arrangement of Figure 3A in an 
exchange. A connection from the subscriber line to an 
additional line in the public switched telephone network 
is established via this exchange. Physically and 

20 organizationally, the exchange is assigned to the 

subscriber line; however, it is not necessarily located 
in its immediate vicinity. Aside from the different 
physical arrangement of the IP, the access verification 
is performed here [just] in the same manner as described 

25 above. The difference is that no intelligent devices for 

voice recognition and for speech storage need to be 
provided on the subscriber side, since these are 
centrally integrated f centrally] in the exchange. 



3 0 Figure 4B shows an example for the implementation of 

access verification by voice recognition in an exchange 
of a telephone network. 
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Voice recognition system IP can be implemented in a 
computer, for example in the form of a plug[-]^in module 
in the exchange. Calls for which the speaker is to be 
identified are routed from the exchange [via] through the 
5 IP. 

Voice recognition is implemented either in dialog form, 
i.e., an authentication procedure is executed as 
described above in Figure 3B [ above] , or else the voice 

10 is recognized online. In the latter case, the speech 

pattern is checked during the conversation in progress 
and characteristics of the speech of speaking 
[subscriber] user A are compared with the stored patterns. 
In this case, the call is tapped, so to speak, by the IP 

15 without interfering with it. 

One possible structure for the authentication procedure 
is a dial[-]^in into the DSP of the IP. For this purpose, 
the telephone channel is routed to an input of the IP. At 

2 0 this point, subscriber A is asked by the software of an 

intelligent voice response system to state his name or 
his identifier. After that, he is asked for his password 
or his personal identification number PIN. The data is 
compared with the identifier stored in memory^ and the 

25 speech pattern is compared with the stored patterns 

either using frequency spectra or speech dynamics. In the 
dialog form, the implementation of voice recognition is 
very simple, since the identifier is made up of precisely 
defined wordSj_ which were [entered 1 previously entered . 

30 

After authentication in the IP, the customer is directed 
to a menu [which] that requests that he enter the desired 
telephone numbers. These are [received] recorded as in 
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conventional messaging or voice response systems [ and 
sent into the network] , converted into pulse or MFC 
dialing information , and sent into the network , or they 
are relayed to the exchange as signals in the format of 
signaling system No. 7 (Common Channel Number 7, CCS7)_;_ 
The exchange then initiates the connection to subscriber 
B. The use of CCS7 signals permits faster processing and 
more features, namely all those implemented in CCS7 and 
cleared for the IP. 

The information concerning the speaker, i.e., the 
identified reference data record, is sent as control 
information to the exchange via the CCS7, and generates 
an alarm in the network management system. The network 
management system can also generate a corresponding alarm 
message [via] regarding call data records, so that the 
billing system also receives appropriate information. 

The speaker [-] ^identifying data records produced in this 
way are used for access verification; however^ they can 
also be used for billing a call. The corresponding 
procedures are described in the flowcharts. 

[In] When recognizing continuous speech, the system 
preferably concentrates on the essential characteristics 
of the language. To be sure, key words such as "good 
morning, hello," etc. can be considered in the entry 
procedure; however, in principle, it is necessary to 
store speaker [ - ] ^specific characteristics , irrespective 
of which language and with whom the [subscriber] user is 
speaking. For this purpose, the algorithm can use static 
methods [,] such as frequency spectrum analysis, as well 
as dynamic speech characteristics. 

-26- 

MARKBB UP VERSION OF SPECIFICATION 



Figure 4C shows an additional example of the method 
fof 1 according to the present invention implemented in an 
exchange. The subscriber unit (subscriber card) of 
subscriber A recognizes whether the subscriber has 
provided voice recognition for access verification. The 
central processing unit CPU of the exchange initiates the 
appropriate routing [vial through the switching matrix, 
the actual switching unit. As a result, the call is not 
routed directly to subscriber B or to the next exchange, 
but rather it is first routed [via] through an intelligent 
peripheral IP having a digital signal processor (DSP) . 
The output port of the IP is routed ["via] through the 
switching matrix to subscriber B or to the next exchange . 

All control information and, accordingly, also the result 
of the voice recognition are compared in the exchange 
having the central processing unit CPU. 

The IP [may] can also [contain] include several voice 
recognition units or DSPs and, thus, analyze several 
lines simultaneously. The information concerning the 
usage of the IP and concerning the analytical results is 
transmitted to the CPU. 

Figure 5 shows the implementation of the method 
[of] according to the present invention in the service 
control point SCP of an intelligent network. 

When [implementation takes place] implemented in the IN, 
the voice data is routed via an ISDN channel to voice 
recognition unit IP^ which is located at the site of the 
SCP. Control information, for example, whether the 
calling line [uses] is using voice recognition for [the 
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control of] monitoring abuse, results [of] from the voice 
analysis^ and the like[ # ] are then exchanged between the 
SCP and the service switching point SSP, which is located 
at the site of the exchange. 

5 

[The implementation of 1 Implementing the method 

[of] according to the present invention in the centrally 
structured IN makes [a] it possible to central [ 
implementation of] ly implement voice [-] abased abuse 
10 control [ possible] over a large network area, i.e., a 

[large number] plurality of lines. This eliminates the 
need for expensive software and hardware equipment in the 
exchanges; only the IN must be adapted. This 
implementation is, therefore, suitable in particular for 
15 cases of low demand or in the introductory phase, i.e., 

[when the equipping of each exchange] it is not yet 
worthwhile to equip each exchange . 

[Industrial Applicability 

20 

] The present invention is suitable, in particular, for 
operators of communication networks to [enhance] increase 
the security of voice telephony customers against abuse. 
Moreover, the present invention is [suitable, in 
25 particular, ] particularly suitable for operators of 

private branch exchanges [,] where the problem of 
unauthorized access is encountered on a regular basis. 

30 
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Abstract 

A method for verifying access authorization for voice 
telephony in a fixed network line or mobile telephone 
5 line, as well as a communications network having such 

access authorization verification are described. The 
access authorization is verified by analysis of a voice 
signal which was entered by the subscriber placing the 
call, before or during a call in progress. In one 

10 variant, the voice signal is entered as a password before 

the connection is established; in another variant, voice 
signals are analyzed for voice recognition and subscriber 
identification, the same voice signals also being 
transmitted to the person being called, making concealed 

15 access verification possible which does not hamper the 

normal flow of conversation. 
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All subscribers of the telephone lines 
to be protected against abuse enter 
suitable spoken voice samples into 
the system. 



The network 
provider 
establishes the 
connection. 



The telephone 
conversation starts 


1 


r 



The speech pattern recognition system 
extracts the subscriber's speech 
patterns and stores them in 
smemory compressed by a 
special algorithm. 



The caller is billed for the 
call since he was 
recognized. Possible 
changes of speakers 
during the conversation 
are also charged to the 
caller who was detected 
first. 



Speech 
pattern 
recognition is 
disconnected 



The telephone call is finished 
in the normal manner and the 
owner of the line or the caller 
is charged. 



Reference speech patterns are 
thus available at the carrier or 
on the calling card for online 
detection 



Concurrent with the telephone 

call, the voice pattern 
recognition is started in order to 
identify the caller's speech 
pattern. 



yes 



The speech pattern obtained for 
"the caller from the telephone call is compared" 
j/vith the references stored for this line (or on the calling" 
card). Speech pattern recognized? 
yes/no? 



The call is continued in 
the normal manner and 
the owner of the line 
pays the charge. 



no 



The call is interrupted 
or terminated to protect 
the customer against 
financial harm. 

1 



no 



If the calling card is 
used, the call is always 
terminated. 



1 



The customer receives a log of the abuse attempt so 
that he can identify the "perpetrator". 
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voice recognition. 




The integrated hardware 
determines whether the caller 
is authorized and sends the 
signal to the PBX for relaying. 



Fig. 3b 



Implementation example: 

voice recognition in an exchange 
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"Dscriber line 



IP voice recognition 
speech pattern 



Fig. 4a 



Service Management 
Voice Recognition 



Switch 
Manager 





IP voice 
recognition 



Network Management Workstation 



ISDN/ 
CCS7 




Ethernet-based LAN 



Voice communication terminal 
Analog/ISDN/mobile telephone set 



Exchange 



Analog/ISDN 



Subscriber A 



Subscriber B 



Fig. 4b 
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KG ' n 9 matrix 




Subscriber A 




< ► 



CPU 

Control of the exchange 



\ 




Subscriber B 



Switching matrix 



Fig. 4c 



ii *»p i'$ fc, e :i , jro" p ^ o si* 



6/6 





Subscriber line 



IIP voice recognition 
speech pattern 



Fig. 5 
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nFn.ARATIQN AND POWER OF ATTORNEY 

As a below named inventor, I hereby declare that; 

My residence, post office address and citizenship are as stated below next to 

my name. 

I believe I am an original, first and joint inventor of the subject matter which is 
claimed and for which a patent is sought on the invention entitled METHOD FOR 
VERIFYING ACCESS AUTHORIZATION FOR VOICE TELEPHONY IN A FIXED 
NETWORK LINE OR MOBILE TELEPHONE LINE AS WELL AS A 
COMMUNICATIONS NETWORK, the specification of which was filed as International 
Application No. PCT/EP99/06371 on August 30, 1999, and filed as U.S. application on 
March 9. 2001 having U.S. Serial No. 09/786,819 for Letters Patent in the U.S.P.T.O. 

I hereby state that I have reviewed and understand the contents of the 
above-identified specification, including the claims. 

I acknowledge the duty to disclose information which is material to the 
examination of this application in accordance with Title 37, Code of Federal Regulations, 
§ 1.56(a). 

I hereby claim foreign priority benefits under Title 35, United States Code, § 
1 19 of any foreign application(s) for patent or inventor's certificate listed below and have also 
identified below any foreign application(s) for patent or inventor's certificate having a filing 
date before that of the application on which priority is claimed: 



PRIOR FOREIGN APPLICATION S> 

Number Country Day/Month/Year Priority Claimed 

Filed Under 35 USC 119 



198 41 166.9 Fed. Rep. of 9 September, 1998 Yes 

Germany 
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And I hereby appoint Richard L. Mayer (Reg. No. 22.490), Gerard A- Messina 
(Reg. No. 35,952) and Linda M. Shudy (Reg. No. 47,084) my attorneys with full power of 
substitution and revocation, to prosecute this application and to transact all business in the 
Patent and Trademark Office connected therewith. 



Please address all communications regarding this application to: 



KENYON & KENYON 

One Broadway - - . - 

New York, New York 10004 2oo4o 

PATENT TRADEMARK OFFICE 

CUSTOMER NO. 26646 — 
Please direct all telephone calls to Richard L. Mayer at (212) 425-7200. 

I hereby declare that all statements made herein of my own knowledge are true 
and that all statements made on information and belief are believed to be true; and further that 
these statements were made with the knowledge that willful false statements and the like so 
made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the 
United States Code and that such willful and false statements may jeopardize the validity of 
the application or any patent issued thereon. 
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k(v«nton Axel SUfiEN 




Inventor's Signature: 




Date: ^ ^ ^ 2 ^ ^ 



52062 Aachen ^ 
Federal Republi 



OLtirauhip : Federal Republic of Germany 



P<jst Office Address. Same as above. 
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Inventor: 



Stefan BROCK 




Date: 



Residence: Hennefer Strassc 6b 

53737 SaakUiuguatin 4— 
Federal Republic of Germany 



Citizenship: Federal Republic of Germany 



Post Office Address: Same as above. 
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DECLARATION AM? fft^ KR OF ATTOtt^y 
As a hdow named inventor, I hereby declare that; 

My residence, post office address $wd citizenship are as stated below ne*t to 

my name. 

I believe I am am original, first and joint inventor of the subjem: muter which is 
claimed and for which u patent is nought on Che invention ontidsd METHOD FOR 
VERIFYING ACCESS AUTHORIZATION FOR VOICE TELEPHONY IN A HKED 
Ni:rWORK LINK OR MOBILE TELEPHONE UNE AS WEIi AS A 
COMMUTATIONS NETWORK the apecifkption of which was filed w International 
Application No. PCT/HM9/06371 on Augtfit 30, 1599. and tiled as U.S. appiicatioji on 
Mairch 9. 2001 having U.S. Serial No. 09/786,819 Ibr Lecrcx* Patent in the USJ.T.O. 

I hereby state thai I havts reviewed and understand the contents of the 
above-identified specification, including the claims. 

I acknowledge the duty to disclose infaunatioa which w material to the 
exstningtian of this application in accordance with Title 37, Code of Federal JUguIation^ 
§ 1.5«ft 

I hereby claim foreign priority benefits under Title 35, United States Codft, f 
113 of any far^gn «ppUeation(s) for patent or inventor's certificate listed below and have afeo 
identified below any foreign application^) &r patent or mvntert certificate having a filing 
date before that of the application on which priority is claimed^ 
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And 1 hereby appoiot Wei** L- Mayor (Sag. No. 22.490), Gerard a. Magna 
CRo^-Nb. 3S.952) andliodaM. ShudyCRes.No. 47,084) my attorneys with Ml power of 
substation and ravwatian, to prosecute this applicaLoa and to wmnei all burins * fte 
Patent and Trademark Office oonnecuni therewith. 

Please addrciSii aU eommunicarions regarding this application to: 

KENYQNf & KENYON 
One Broadwiy 
New York. Now York 10004 

CUSTOMER NO- 26646 

Please diaper «n cefcptone colls to JUflbwd I» Mayer at (2 12) 425-7204 



I hereby declare that all automate made hunan of my DWB knowledge 
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the application or any patent Issued thereon, 



ge ere true 



Page 2 of 4 



ionBt 



»«mmn« M n W M ««sc« tsth ■«»+ tm xt 



-*T T(r zn. ib/un 



09/07 '02 DI 15:13 FAX +49 6151 835843 DT Patentee Hung U *3 "J"* S 6« EJ A *J - O 7BjAllJ ££ 
9-JUL-2002 14:47 UPN=IM«ILIEM N.BREMER * 0241403102 * AN : 006151835843 ' 



S:8 



NO -326 DBT 



Investor: Stefan BROCK 

Inventor's Signature: 

Date; 



Residence: HennBfer Strasfie fib 
53737 Sflnkr Aufuatin 
Federal Republic of Ganmapy 



Citlzcnahip: Federal Hcpublia of Germany 



Post Office Addrosp: Saiu* «o above, 
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Inventor: Axel SUSEN 

Inventor's Signature: 

Date: 

Residence: Heinrichsallee 66 
52062 Aachen 

Federal Republic of Germany 
Citizenship: Federal Republic of Germany 



Post Office Address: Same as above. 
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